2fd39b4d1c12bc8b1ef8531c36f816b72dddf37db7e878a651c6a5caefe1e619

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06-06-2024 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe
Size

47KB
MD5

233c44d8d8bbc8841396d05e427f0fe0
SHA1

e3e10b58c2dfde3716323e6b9dbfbd826186624d
SHA256

2fd39b4d1c12bc8b1ef8531c36f816b72dddf37db7e878a651c6a5caefe1e619
SHA512

acfc0309e4f2e7e01f352aa32c91cfdf17d61812d683236f6a2cdf645337ea3843092dc83b21280a352fa78fb9424b3d98bce655ccb6de4d82d3ebb467059d73
SSDEEP

768:xWRR4LiBiapyJJ+2ZXUFGtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGWlk4p:x0aiBzpzOXvtdgI2MyzNORQtOflIwoH8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2748	suip.exe

Loads dropped DLL 1 IoCs

pid	Process
2872	233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2872	233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe
2748	suip.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2748	2872	233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe	28
PID 2872 wrote to memory of 2748	2872	233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe	28
PID 2872 wrote to memory of 2748	2872	233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe	28
PID 2872 wrote to memory of 2748	2872	233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\233c44d8d8bbc8841396d05e427f0fe0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\suip.exe
  "C:\Users\Admin\AppData\Local\Temp\suip.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\suip.exe

Filesize
47KB

MD5
cb4211f2b35722b1d80364af2f18f041

SHA1
16c0432f7ac56257724f58e2efd616e61674e165

SHA256
5f379c45aeb8d7fae75fc53eaad8d1f24ac2b43cd010f2ca7887c14ad6f974f1

SHA512
50ef733c01bb03ec52ea3fe6e155149827d88272bc6c8cd08e1a2b5dbe95cd41bdab515b8ebf8ace1bf3d5e340a0d2a5959701541368779988887e1ab2a12b13

Download Submit
memory/2748-23-0x0000000002920000-0x0000000002926000-memory.dmp

Filesize
24KB

Download
memory/2872-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2872-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2872-8-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download