38b1fe391e86a9851ae2118d3a9f497b02d0ca056d6bac4d0ff20dda70188ef3

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

030016b776afb21658171c863faa49d0_NeikiAnalytics.exe
Size

204KB
MD5

030016b776afb21658171c863faa49d0
SHA1

948a513b271fcd99a3c385ab9d0b4c04572a517b
SHA256

38b1fe391e86a9851ae2118d3a9f497b02d0ca056d6bac4d0ff20dda70188ef3
SHA512

9cfdb607a731540bf5686373e0b04534402b80f498fab690b647b6f6f63aa2e60c944c5b6c4f796b3cdc269724f44ad126a3508d9757693efd1fb7553fbd9ca0
SSDEEP

6144:z1T2qtO0emEUYJIbKfG/ay3pl8thxBw0:z15M0emEUYftXBw0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 4548	4376	030016b776afb21658171c863faa49d0_NeikiAnalytics.exe	86
PID 4376 wrote to memory of 4548	4376	030016b776afb21658171c863faa49d0_NeikiAnalytics.exe	86
PID 4548 wrote to memory of 4684	4548	csc.exe	87
PID 4548 wrote to memory of 4684	4548	csc.exe	87

C:\Users\Admin\AppData\Local\Temp\030016b776afb21658171c863faa49d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\030016b776afb21658171c863faa49d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1yru5qqi\1yru5qqi.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4548
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7697.tmp" "c:\Users\Admin\AppData\Local\Temp\1yru5qqi\CSC3A8F2E1CB21749A19B29B0CBEBB0DED0.TMP"
    3⤵
    PID:4684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1yru5qqi\1yru5qqi.dll

Filesize
4KB

MD5
42b32d758d9ac8e9dd651bb2fe1d0754

SHA1
738881c2f126fc984492c79e6494c338220fcef4

SHA256
ea96f9bf9a5225fe4a170a9839990f772dcf74747cf9812c5ab679aa00a6fa99

SHA512
b2d6e24e3c9ac76a22d304ed0a8368a4eef1b7383b27af48369d32f5ddfb872ec917f3104b38837549be6abde50572f85408db8c1d6616a0a7ce3e3de907b94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES7697.tmp

Filesize
1KB

MD5
a647884399af213001fd79b97a3ca1da

SHA1
a84bb0dd2c7ed520c450579f72e38f1f40f311ea

SHA256
174fb5548eb7b2ada6bee016e2883c5b97371fbe5c5d619a804909f963e43436

SHA512
5c809b53d190f1d2917489e0224c967bb8e0359540b49f49dd6073d1652956b3284ecfc6b7c5c20502864c035cf5525b814366da282cd8ce9460ec23d35fcbf8

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1yru5qqi\1yru5qqi.0.cs

Filesize
1KB

MD5
f420ebb3150f0764331a33377a7451b8

SHA1
8ed9b9d610e8ab76aea82a3830ad31059517630b

SHA256
dfb6ab38744b3a4e17cf7fa75b3126e88cbeabc907008f3921ff41c523a99a27

SHA512
b92767736261cb7c10f58576c44e62cd0d105e90e139b376d52ccb5cb7ca189205a1f7d7a5fec5d739f8763eded8b5c55b9057217fe9a55b1e151dc700760cbd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1yru5qqi\1yru5qqi.cmdline

Filesize
208B

MD5
be57d7b59ac93f1fff158d74ce5348a2

SHA1
c74d498515555fb16e1e1e9f046dc59e44306223

SHA256
fc1eacb92624e043080e087d8a4e4ddc77328fd4387bb10eb6a75adab9757e88

SHA512
d84d5e1214ea6a368d64aff3449a0b84e78f989e1cb88c729d1b26481bb50c073fe4c8303b18a6b3d3ea5868f1d2672ebd9aaada2a42394de4085afd935991f4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1yru5qqi\CSC3A8F2E1CB21749A19B29B0CBEBB0DED0.TMP

Filesize
652B

MD5
5c7c05462f175fd94501b4eb30f242d0

SHA1
986c3210929e62621711db97ca20c429f2d10c41

SHA256
b29b1fa8ec3036ef61334ef6426525f615db375c93aa86e3cf9c8776fb7fed7f

SHA512
215a2aebe2149fbeb21a772aafdb3bdd64ce9ca16dfc4511b813f1f192301e23cb1c5bc4f418d70adc0381b9721da4653777b21d41950dfeb2cb00f49e93c40f

Download Submit
memory/4376-11-0x00007FF84D4E3000-0x00007FF84D4E5000-memory.dmp

Filesize
8KB

Download
memory/4376-18-0x00007FF84D4E0000-0x00007FF84DFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4376-12-0x000001AEF1EC0000-0x000001AEF1EC6000-memory.dmp

Filesize
24KB

Download
memory/4376-19-0x00007FF84D4E0000-0x00007FF84DFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4376-0-0x000001AEF1E30000-0x000001AEF1E31000-memory.dmp

Filesize
4KB

Download
memory/4376-10-0x00007FF86BFF0000-0x00007FF86C1E5000-memory.dmp

Filesize
2.0MB

Download
memory/4376-27-0x000001AEF1ED0000-0x000001AEF1ED8000-memory.dmp

Filesize
32KB

Download
memory/4376-30-0x00007FF63DC90000-0x00007FF63DCCC000-memory.dmp

Filesize
240KB

Download
memory/4376-9-0x000001AEF1E30000-0x000001AEF1E31000-memory.dmp

Filesize
4KB

Download
memory/4376-31-0x00007FF84D4E0000-0x00007FF84DFA1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads