Overview

overview

7

Static

static

3

04bdfdf420...cs.exe

windows7-x64

7

04bdfdf420...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/06/2024, 23:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04bdfdf42053d37a449bdf214d2e0970_NeikiAnalytics.exe

  • Size

    4.4MB

  • MD5

    04bdfdf42053d37a449bdf214d2e0970

  • SHA1

    09f918117ed752436829a19d00adb1797f731ef7

  • SHA256

    5a6e8de5235f7ff0334bf538da1591a118d4a1c72337ff1009b96eec10ed93ad

  • SHA512

    9e7be918e2b9e4b3aac0516afe142d3f36831020ab5abda8f495738f7de41e588c9a2c838d929da87ed517051c3cbd540162aa9bffe6724c1d84d4fd587aac47

  • SSDEEP

    98304:emhd1UryebsNeIe1vqlzdYV7wQqZUha5jtSn:el7soIe1vGu2QbaZte

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04bdfdf42053d37a449bdf214d2e0970_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\04bdfdf42053d37a449bdf214d2e0970_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Users\Admin\AppData\Local\Temp\33F1.tmp
      "C:\Users\Admin\AppData\Local\Temp\33F1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\04bdfdf42053d37a449bdf214d2e0970_NeikiAnalytics.exe F20F80C92B8B4877103DD10AA142AA439677B44D104279304D08642783B4DD508546A5BC5B129A45CA175B59B0042F7D1061B9904B035478A6B2A5495EA6446E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\33F1.tmp
    Filesize

    4.4MB

    MD5

    dfdcd86861268e0043a854aeb746264e

    SHA1

    446ea827d1919fa5034adbf29c0e2f18f8ed2efb

    SHA256

    1d0533eb466833dd9f9074920583f7aa5a4cad9f9a3d3fae09e3a3862a69d345

    SHA512

    23f1b46af75ea5f972aa73fe08346f41f0ed56aac96b23ad3c98150ca3a80cf70e348080ede81b4f8c32f41c1a593f59bf538dba171ff440bf441d8a0c0b10e2

    Download Submit

  • memory/968-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1656-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download