Analysis
max time kernel: 149s
max time network: 120s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 11/06/2024, 13:28
Static task: static1
Behavioral task: behavioral1
  Sample: 3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe
Size: 87KB
MD5: 3658a8d01aa9c4287aa057541a07d8e0
SHA1: f63ea741680f029b3b708e8ad343c59270b2cce6
SHA256: b0f3eb14e1c14d95cc05e531b602928ef65f16e2af6a0050e7d00290c06b5610
SHA512: 4b500294368037165c276548e397bda358a07fb31a8be2636a968c6f55b7e4fa515018c1d8c3451f32f9745b3c94aa38877a9946b096ede22e40e135045d60ff
SSDEEP: 1536:/Ao0+j2d6rnJqlIUSJn3m2GnNCyuaMeFg8kVQ+SvMupWsZZZNF01Lryhv1g1s1Ea:/AoVl4lXin3m2GnNCyuaMeFg8kVQ+SvB
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  2384  microsofthelp.exe
Executes dropped EXE (1 IoCs)
  pid   Process
  2384  microsofthelp.exe
Adds Run key to start application (2 TTPs, 1 IoCs)
  description      ioc  Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\microsofthelp = "C:\\Windows\\microsofthelp.exe"  3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe
Drops file in Windows directory (2 IoCs)
  description   ioc                           Process
  File created  C:\Windows\HidePlugin.dll     microsofthelp.exe
  File created  C:\Windows\microsofthelp.exe  3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                              procid_target
  PID 1876 wrote to memory of 2384  1876  3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe  28
  PID 1876 wrote to memory of 2384  1876  3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe  28
  PID 1876 wrote to memory of 2384  1876  3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe  28
  PID 1876 wrote to memory of 2384  1876  3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3658a8d01aa9c4287aa057541a07d8e0_NeikiAnalytics.exe"
  PID: 1876
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  C:\Windows\microsofthelp.exe
    Command line: "C:\Windows\microsofthelp.exe"
    PID: 2384
    - Deletes itself
    - Executes dropped EXE
    - Drops file in Windows directory
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 87KB
MD5: f1035d60f2bacf4df168fd4df389cc49
SHA1: b92a188860fd924dc2d3f9aacccacd7275f6f617
SHA256: 302cde7a0bff6d960b61c2ae4657d9ed3bb5dee0ef1743562a91098f2af78bb2
SHA512: 8b5278a4e1caf6b23d23fbc124bf7bfb8cdf3c263968f0efc9bacde5460d9131f7edce53ec7c23f9f898073809c3500402bdabefbb96f10e4c4cca62f7f335cd