0a2bea9bde8aa624311b25022fd2365e3ec4621a278d895117774c720f65fc30

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
07-06-2024 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe
Size

969KB
MD5

27adce6c27fcfb3b7ed8438777046300
SHA1

f0b75460ceef6d332f4710e5d69b4420c73b4c46
SHA256

0a2bea9bde8aa624311b25022fd2365e3ec4621a278d895117774c720f65fc30
SHA512

abae87e31992f2fd2d0db80db866ab469f638ab34fd2a7775a520ec9200ae3af5d000f5af27e2c1ee754af0bfd410a43b27e856d48ec62226a5c1663e15878d6
SSDEEP

24576:PVcmQleMs74UTNyehoJRxmzy9J1zK8CBvKka/ZSsD0TCIOhPe6BWqLp:tceM6oeSJRxn9q8Cgkg3D0GIOhPe6BWM

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1808	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1808	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
2392	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	pastebin.com
4	pastebin.com

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1808	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2392	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1808	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 1808	2392	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1808	2392	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1808	2392	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1808	2392	27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\27adce6c27fcfb3b7ed8438777046300_NeikiAnalytics.exe

Filesize
969KB

MD5
83cddefe7fd47485763bee890209666b

SHA1
49008d511bb073f2eaba599dd75585e56e6674b6

SHA256
8ea9eea80e86c3ea489ea76b93d02968aa7f52ac96915729e10478e371d7e392

SHA512
d0eeff28983ae0b33aaf3c3ba917362ff8bd01d71d0cef7539e4698708774fe17dc45003dee981639f6ad5377de569644cd43eeecc441c9a43ad93cb2acef34c

Download Submit
memory/1808-16-0x0000000002EE0000-0x0000000002FD2000-memory.dmp

Filesize
968KB

Download
memory/1808-10-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1808-38-0x000000000D890000-0x000000000D933000-memory.dmp

Filesize
652KB

Download
memory/1808-32-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1808-39-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/2392-0-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/2392-6-0x0000000003140000-0x0000000003232000-memory.dmp

Filesize
968KB

Download
memory/2392-9-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download