Analysis

  • max time kernel
    95s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06-06-2024 18:02

General

  • Target

    909221653f8554cd92b29f6d37414740_NeikiAnalytics.exe

  • Size

    5.9MB

  • MD5

    909221653f8554cd92b29f6d37414740

  • SHA1

    00c002de19f96b8763ee279e410b2fe77f83d098

  • SHA256

    9170c59bfb36a6fae54a027c8f47af3087fbe70140d4c1ac62495247011f66c1

  • SHA512

    103bdfd40861ac44dda2120875d87ba2385bad1746d144b3d630330f86a47aa51ee5bb00d5557b4de48ae9f50aaff1f28369c20e61341d2eb5bff990f43a5ab8

  • SSDEEP

    98304:emhd1UryeAZnf0tsnvGjxJ3zul5V7wQqZUha5jtSyZIUk:elgZnfdGjbzul52QbaZtliF

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\909221653f8554cd92b29f6d37414740_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\909221653f8554cd92b29f6d37414740_NeikiAnalytics.exe"
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Users\Admin\AppData\Local\Temp\3950.tmp
      "C:\Users\Admin\AppData\Local\Temp\3950.tmp" --splashC:\Users\Admin\AppData\Local\Temp\909221653f8554cd92b29f6d37414740_NeikiAnalytics.exe AAB2E7DB782392247BB796B24E8E6CCEE5E4B59E30156FA58E63B8D138DADFCEC675BE3F25717C93195C0BFCFD5EB664D0DE24B383262B7F77E96320DE91914B
      • Deletes itself
      • Executes dropped EXE
      PID:3180

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3950.tmp

    Filesize

    5.9MB

    MD5

    acf0606c5ef3df84fef58c699f166f70

    SHA1

    1d30f6d7924625a7e3b1a36cb586e28b35d18c55

    SHA256

    df0e16620d0aa6fb05a33c32253ea2663db27899f1138dfa71b9f7989801bc4b

    SHA512

    8fca907880f0876319151c950a1444452622dab39bd8c4219d303fa780539157ee2522ff453a5d04fde48529695da91b205a31cf6bb2293d7c7075092d0cb0b6

  • memory/1532-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

  • memory/3180-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB