Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 14:54

General

  • Target

    388e146d8b5873911b4363142a843080_NeikiAnalytics.exe

  • Size

    36KB

  • MD5

    388e146d8b5873911b4363142a843080

  • SHA1

    3172234bf3ed614b75cc05a2e928b79ad7c93f64

  • SHA256

    847fb3489de9667a89d036bf430014088803ed4f1b05b94123a9f2e6442f7d78

  • SHA512

    b23c66150d1f63c11d52d79b1d2dd3e731843f6bfe502ca99bc5ce61c116f9db07881964a7cb5be4f2ae72f665b4d51e1887e2fc7c7e1e9eda9917963d82ac7a

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNh:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\388e146d8b5873911b4363142a843080_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\388e146d8b5873911b4363142a843080_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      • Deletes itself
      • Executes dropped EXE
      PID:2180

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\microsofthelp.exe

    Filesize

    36KB

    MD5

    0a9fd6b00f0dafbee1ace349a5a16aa4

    SHA1

    995dc5babd1bf7cc941644d3fdceea55d58fe793

    SHA256

    98ddca82740c68ecba6e336e5cad57fc7f529098f056e257fa544b3776ff6e02

    SHA512

    c06431717bafd7e685b2ec5711e6194edb1b2e52843433d618c551c686443e2723bf75e9bd021f26d1a4fd3ae58226d115536dbe7db5ac604ceafc3206396dba

  • memory/1200-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

  • memory/1200-6-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

  • memory/2180-8-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB