Overview

overview

7

Static

static

3

6994181770...cs.exe

windows7-x64

7

6994181770...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-06-2024 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69941817702b269949c1830e08f54a70_NeikiAnalytics.exe

  • Size

    431KB

  • MD5

    69941817702b269949c1830e08f54a70

  • SHA1

    d8eaa62708c59f15f98b02b4ad3fb8a6f8e9a581

  • SHA256

    9d97f68151a8371a0eb42f64fefe0e5017b00c8cb8c084b7ac4f31041fe7b106

  • SHA512

    7698e7339c427c34f806e65ce34ef3a7a79ec323b76cf3d2e6f4f0990356298e346f78f0673f31d20b1cb50422ed96e8ad2808971d2b1404e8501b8f611ba60f

  • SSDEEP

    12288:+7Etn6J3EvoKlSql4ejAAWxe1X7BMPpqeepz4eeriQ/ANBu:+Yt69EvoKlSql4ejrWx4X7BMPpqeepzk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe
    Filesize

    431KB

    MD5

    9cdbfeb2c3d1c90798da16b49bbb37a6

    SHA1

    3d1850db53bbf783cd44eeebff644ea06fc6d444

    SHA256

    b736c885fcdc5efb967f4828198b8c6722efca909d5816b988b25e15a83392c9

    SHA512

    22280b9634a57c7288a7b5ba448b47a96178dc60ee6e410716c16612a18717b0dc7bc8a6289853430b3a6320bd0a3038f4c5efa7a26aa1984e2fb7c6ac40dbcf

    Download Submit

  • memory/1560-11-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1560-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1560-17-0x00000000000C0000-0x0000000000100000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1560-18-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2968-0-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2968-6-0x0000000000140000-0x0000000000180000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2968-10-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download