Overview

overview

7

Static

static

3

35233a314d...cs.exe

windows7-x64

7

35233a314d...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2024, 05:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    35233a314deba2c4b9d932047fb909f0_NeikiAnalytics.exe

  • Size

    760KB

  • MD5

    35233a314deba2c4b9d932047fb909f0

  • SHA1

    1afbb6871100ee6fc762db17a7a087139dd8b0c7

  • SHA256

    3ae58e138e5053dcb25014f025d2eb9f94c0b9119f6e967ee7de6a974d846052

  • SHA512

    ea8b7eac0c3a49e6c8d76f117ea6cd5553135a4430df690f75e51856d477eeea4d9483a97ac2daa5661d8e5dc4197f2abd4e6bfcdcc79a2b26807d3510df1a61

  • SSDEEP

    12288:1/J/m71432pBsHMZ3tJnojSl27rLzqN8OUEeMT1TkcCDx4ZMr4Q0:1/A6GTVnojg2yNRXTkcCCZM8b

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35233a314deba2c4b9d932047fb909f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\35233a314deba2c4b9d932047fb909f0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\$$aE72.bat
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3036
      • C:\Users\Admin\AppData\Local\Temp\35233a314deba2c4b9d932047fb909f0_NeikiAnalytics.exe
        "C:\Users\Admin\AppData\Local\Temp\35233a314deba2c4b9d932047fb909f0_NeikiAnalytics.exe"
        3⤵
        • Executes dropped EXE
        PID:2644
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Windows\SysWOW64\net.exe
        net stop "Kingsoft AntiVirus Service"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2580
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          4⤵
            PID:2600

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\$$aE72.bat
            Filesize

            619B

            MD5

            7968912836a0e2f8f4aaa2793096db2e

            SHA1

            18c0ba13059cc614b14251ceefdf45b875f7885a

            SHA256

            5b6f3973e7344437f24da6138fbdc04692f77b5b1ea1da99aa26fa9b5bb90c36

            SHA512

            e6041450bdc9271b5cfeff5d3ff448be7eff37381b00dc38c9d84487c8f6916b7107c8125d34893d702fa4cec5a9a8865ae7afa568853366d0c855be7eb5750d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\35233a314deba2c4b9d932047fb909f0_NeikiAnalytics.exe.exe
            Filesize

            694KB

            MD5

            b0de85a29c0c43921883f2572f24042e

            SHA1

            0d1b0c04072035a595a96b87a7d9016392eb0484

            SHA256

            06d0b436d252a6913cf444c968f4d8575818edc9ea4b03d949e1e09be47baacb

            SHA512

            095638e3a65ef8f0b26d1d568d9de27ea3ecc992063b316bb04990d3155a906ac4f93eb1d7d1ee9935321d77de309cd1be31931293cc96da57118dc1de8a55e8

            Download Submit

          • C:\Windows\Logo1_.exe
            Filesize

            66KB

            MD5

            d5ce6e9a0095d2407a515cbb43bc623f

            SHA1

            365caa12850a5db53dd6226b45883021d6622da0

            SHA256

            39eac222b016827c94ac668e61aec5169d36202cb5dc23e014a1cdf43d838834

            SHA512

            4af761ecea5b6b4738ab5d0542410e7a78e3f4d57a4e9660d94d8fd7130111277610bd672bd85204b8ca42aed06c953d5fbd9f2be7e67e19a9ade1944d40e122

            Download Submit

          • memory/2204-13-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2208-21-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2208-22-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2208-24-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2208-30-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2208-32-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2208-115-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2208-163-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2208-238-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download