Analysis
max time kernel: 123s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09/06/2024, 07:34
Static task: static1
Behavioral task: behavioral1
  Sample: 1630281bf6150a3debbfc4aecf53c530_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 1630281bf6150a3debbfc4aecf53c530_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
Target: 1630281bf6150a3debbfc4aecf53c530_NeikiAnalytics.exe
Size: 712KB
MD5: 1630281bf6150a3debbfc4aecf53c530
SHA1: 6ac6f98f76793dba1e67385055fd05097c6f0506
SHA256: 03bcec36de566b396586d8354a73181ca584c2ac701e8a846ca2f08e741c54f2
SHA512: 6d59c14364457bb14a36f6025da6aedbde1a17795816beb57298eb7902181eb7e9e4e6c97b3925d5f456bf050361158c93f6cc0ea77ef40a73489502284bb290
SSDEEP: 6144:0gkbhEh9DbFZdCsKg8SVAKtVSVeB/yfBV+UdvrEFp7hKZ:q9qhWg8SO0SVG/KBjvrEH76
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2912, process system32.exe
Loads dropped DLL (64 IoCs)
  pid 2000, process 1630281bf6150a3debbfc4aecf53c530_NeikiAnalytics.exe (2 entries)
  pid 2912, process system32.exe (all further entries; 64 IoCs in total)
Adds Run key to start application (2 TTPs, 1 IoC)
  Set value (str): \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\System32 = "C:\\Users\\Admin\\system32.exe" (process: system32.exe)
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 2000, process 1630281bf6150a3debbfc4aecf53c530_NeikiAnalytics.exe
  pid 2912, process system32.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2000 wrote to memory of 2912; process 1630281bf6150a3debbfc4aecf53c530_NeikiAnalytics.exe, procid_target 28 (4 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\1630281bf6150a3debbfc4aecf53c530_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\1630281bf6150a3debbfc4aecf53c530_NeikiAnalytics.exe"
   PID: 2000
   - Loads dropped DLL
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\system32.exe
      Command line: C:\Users\Admin\system32.exe
      PID: 2912
      - Executes dropped EXE
      - Loads dropped DLL
      - Adds Run key to start application
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 712KB
MD5: df5d11e3d45b004232d4bacd4f113e6b
SHA1: bcb448e159b110351ee4142778ff82cc43296c42
SHA256: f6f59d0628483ba08b042ac843c35f5cb99b50cb59f2aa1a670d3ea2fe5480be
SHA512: 049599a57b7f3808fbe3a572f73fd7bfe01f8f3e9b8345fc90115dd9f239612f1684b05c29d038820fc16bbd4c87c2053930d611ff9b4a290c578aec4bdbfac7