Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-06-2024 00:35

General

  • Target: 1ef12e4d4142bef76cec0e7d2cd55ec0_NeikiAnalytics.exe
  • Size: 94KB
  • MD5: 1ef12e4d4142bef76cec0e7d2cd55ec0
  • SHA1: f8fe9728ca9c6996a95b7a50e5d3646b52d2952a
  • SHA256: 683ef3c8c84a43b7666587d12d527d4f6060f7fa90415c3adfdbcaa5538b861d
  • SHA512: 4813a20d0a17c60e487dc6fbde9ff698e69fd38cd43bec2cbb347751391deb11462832e4164198809e28e87e215a698a7f46be3736081d965c20d5ec72cd8f50
  • SSDEEP: 1536:eshfSWHHNvoLqNwDDGwCe6cLOClYNynC7cm:vhfxHNIie6cLOClYNynC7cm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ef12e4d4142bef76cec0e7d2cd55ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ef12e4d4142bef76cec0e7d2cd55ec0_NeikiAnalytics.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1472

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize: 94KB
    MD5: 1c68464e2a32c0eed28c452c5d020457
    SHA1: 05bd7af82801f7155d2f90bf0bd0b2b201f7d357
    SHA256: e0bb3998e76741eef44714a36a206c666fd2bcfbe98ddbb0f5af9b25b6d10c4d
    SHA512: b274d50dfde5570aecf5836d7c4b330bafb894a796ea9b2b2fc7ea3247c54963fc4a930287f409df0bd193ffe812ab198916356e76e98a1d7cf815d04d3a5e4a

  • C:\Windows\System\rundll32.exe
    Filesize: 88KB
    MD5: 95701b75dbc830484d412d2d5f1c8403
    SHA1: 676d6334b5ae2188a99c20453de570dc0f7c0616
    SHA256: 61f67f35762b8c13eeb128765897aea695a791d72ebb70420bb247f9600f9bf2
    SHA512: 953e20c1017b1b07e8800e0bc1a1185a1fa1a56165e33a22e6620aed26d0d2c7e35b7bc72778f02b221ea6841def49c21342e8889eace7f4103b6e38f8b7dbd0

  • memory/1472-14-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB

  • memory/4408-0-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB

  • memory/4408-13-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB