Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 13:28

General

  • Target

    3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe

  • Size

    87KB

  • MD5

    3658a8d01aa9c4287aa057541a07d8e0

  • SHA1

    f63ea741680f029b3b708e8ad343c59270b2cce6

  • SHA256

    b0f3eb14e1c14d95cc05e531b602928ef65f16e2af6a0050e7d00290c06b5610

  • SHA512

    4b500294368037165c276548e397bda358a07fb31a8be2636a968c6f55b7e4fa515018c1d8c3451f32f9745b3c94aa38877a9946b096ede22e40e135045d60ff

  • SSDEEP

    1536:/Ao0+j2d6rnJqlIUSJn3m2GnNCyuaMeFg8kVQ+SvMupWsZZZNF01Lryhv1g1s1Ea:/AoVl4lXin3m2GnNCyuaMeFg8kVQ+SvB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2384

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize
    87KB
    MD5
    f1035d60f2bacf4df168fd4df389cc49
    SHA1
    b92a188860fd924dc2d3f9aacccacd7275f6f617
    SHA256
    302cde7a0bff6d960b61c2ae4657d9ed3bb5dee0ef1743562a91098f2af78bb2
    SHA512
    8b5278a4e1caf6b23d23fbc124bf7bfb8cdf3c263968f0efc9bacde5460d9131f7edce53ec7c23f9f898073809c3500402bdabefbb96f10e4c4cca62f7f335cd

  • memory/1876-0-0x0000000000400000-0x000000000040D000-memory.dmp
    Filesize
    52KB

  • memory/1876-3-0x0000000000220000-0x000000000022D000-memory.dmp
    Filesize
    52KB

  • memory/2384-8-0x0000000000400000-0x000000000040D000-memory.dmp
    Filesize
    52KB