38b1fe391e86a9851ae2118d3a9f497b02d0ca056d6bac4d0ff20dda70188ef3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

030016b776afb21658171c863faa49d0_NeikiAnalytics.exe
Size

204KB
MD5

030016b776afb21658171c863faa49d0
SHA1

948a513b271fcd99a3c385ab9d0b4c04572a517b
SHA256

38b1fe391e86a9851ae2118d3a9f497b02d0ca056d6bac4d0ff20dda70188ef3
SHA512

9cfdb607a731540bf5686373e0b04534402b80f498fab690b647b6f6f63aa2e60c944c5b6c4f796b3cdc269724f44ad126a3508d9757693efd1fb7553fbd9ca0
SSDEEP

6144:z1T2qtO0emEUYJIbKfG/ay3pl8thxBw0:z15M0emEUYftXBw0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2528	1924	030016b776afb21658171c863faa49d0_NeikiAnalytics.exe	29
PID 1924 wrote to memory of 2528	1924	030016b776afb21658171c863faa49d0_NeikiAnalytics.exe	29
PID 1924 wrote to memory of 2528	1924	030016b776afb21658171c863faa49d0_NeikiAnalytics.exe	29
PID 2528 wrote to memory of 2636	2528	csc.exe	30
PID 2528 wrote to memory of 2636	2528	csc.exe	30
PID 2528 wrote to memory of 2636	2528	csc.exe	30

C:\Users\Admin\AppData\Local\Temp\030016b776afb21658171c863faa49d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\030016b776afb21658171c863faa49d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ygmy00qq\ygmy00qq.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3ED4.tmp" "c:\Users\Admin\AppData\Local\Temp\ygmy00qq\CSCEDB2F458A6184341892C171F65AA2059.TMP"
    3⤵
    PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES3ED4.tmp

Filesize
1KB

MD5
bbdef64956d31fa146f95845cfc61fe4

SHA1
74c2c652cb6d5ade394255823c2e80c128b6a082

SHA256
4739d000994ea42f3aaffffced7f52034b104c7e003b2e00ea5dc0a4e5bb56d0

SHA512
24cb8a164b16645105dd948de4e85d1f6b46955d5f33db11a78a81641876676041d1dc4bba493201f8fc2cb6fb7cf2d39de34d6d8194a9e49fdc65efa4c98569

Download Submit
C:\Users\Admin\AppData\Local\Temp\ygmy00qq\ygmy00qq.dll

Filesize
4KB

MD5
1648217b107948f899f9b908c4f91735

SHA1
91e01c0a6c059d80b85427e073ace7baf352e388

SHA256
833a20c20887e36a4258cd2c219bfded7c85a0a01502b2442fc757230ea79d61

SHA512
b960c33dcd903a87ecf9ca85b676a6f1c0e963c9a1c7f3e02cbf29e80bde971d5da211bab4f768a2237a1e58020294a247ae5433a1a38fc23a42609b4d3b5799

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ygmy00qq\CSCEDB2F458A6184341892C171F65AA2059.TMP

Filesize
652B

MD5
9e3c68826efbc88fbc2d54e2b5585c61

SHA1
62f17f9bf07c6c3b30bfec86f13c15af4155e791

SHA256
32fd100e804a4fd59da761e9a1d50f8d25a5f4f39d066257cff8e0f22e367ef9

SHA512
b86e476b300b0a16a60f7e780f2c589cc4f007f11224fe11cdf0f6545b4493b2c769c3b02edb53fe03f326ec4e71015c84f66104c535d0fd1364d9c031875db7

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ygmy00qq\ygmy00qq.0.cs

Filesize
1KB

MD5
f420ebb3150f0764331a33377a7451b8

SHA1
8ed9b9d610e8ab76aea82a3830ad31059517630b

SHA256
dfb6ab38744b3a4e17cf7fa75b3126e88cbeabc907008f3921ff41c523a99a27

SHA512
b92767736261cb7c10f58576c44e62cd0d105e90e139b376d52ccb5cb7ca189205a1f7d7a5fec5d739f8763eded8b5c55b9057217fe9a55b1e151dc700760cbd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ygmy00qq\ygmy00qq.cmdline

Filesize
208B

MD5
37275f800b85f1a0fe6c0c9e3698a58b

SHA1
de55840e63f6855c0e8f339983e8c3d969db2421

SHA256
74ee62571f8b67182aae5c88953cd90abdb360f68001acebf160f414e85bbe1c

SHA512
fbaef31cdc44006d8add2df525d5ce9c16ce19ad1cddaf5c82545a8d947981cb6b95f843c4b33a161390555422b9556e64cbb0489818d1bd586c86b291b3e50c

Download Submit
memory/1924-11-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/1924-18-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-12-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-0-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1924-10-0x000007FEF5BD3000-0x000007FEF5BD4000-memory.dmp

Filesize
4KB

Download
memory/1924-9-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1924-26-0x0000000001E70000-0x0000000001E78000-memory.dmp

Filesize
32KB

Download
memory/1924-28-0x000000013F4A0000-0x000000013F4DC000-memory.dmp

Filesize
240KB

Download
memory/1924-29-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads