Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 23:06

General

  • Target

    4b8a0dc43483bfebabde3a4d3bdc15d0_NeikiAnalytics.exe

  • Size

    61KB

  • MD5

    4b8a0dc43483bfebabde3a4d3bdc15d0

  • SHA1

    772a7380f9a064251910e8aaff0aeff9027c115a

  • SHA256

    73d3e046d17dec67bc49e69c9b8b50b37395e312fc8ca870bee6a3685acef721

  • SHA512

    3fcfa1399f8dc5c92b5faa04289f787f3c84ef8a60d155dfbbdaae10a7ab5379efaa154508ea27ef2e4182c3faa1766e87b11db2922545925155de9492ea2093

  • SSDEEP

    1536:1ttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wwle5:ddse4OlQZo6EKEFdGM21le5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 14 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b8a0dc43483bfebabde3a4d3bdc15d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4b8a0dc43483bfebabde3a4d3bdc15d0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Windows\SysWOW64\ewiuer2.exe
        C:\Windows\System32\ewiuer2.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2668
        • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of WriteProcessMemory
          PID:2520
          • C:\Windows\SysWOW64\ewiuer2.exe
            C:\Windows\System32\ewiuer2.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:316
            • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
              C:\Users\Admin\AppData\Roaming\ewiuer2.exe
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious use of WriteProcessMemory
              PID:1420
              • C:\Windows\SysWOW64\ewiuer2.exe
                C:\Windows\System32\ewiuer2.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of WriteProcessMemory
                PID:1944
                • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
                  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
                  8⤵
                  • Executes dropped EXE
                  PID:448

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7482N43U.txt

    Filesize

    230B

    MD5

    8da93f585220035932e5bb61252e3763

    SHA1

    e635555a94d5d1f3baf42f6f1867e560d11e2b4c

    SHA256

    8a277060790ab47f49cc8d3b5eb0aed22de06c06fab34e9620a7e3671849f98c

    SHA512

    3d76a5987e6165ade06100c8c89df26737c2833110b39797079a156ef3071a9bdcc00a23f09417f9908c4ff5e97fbc2365af0103fbb6d10963003836dfeca681

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OD58KC4T.txt

    Filesize

    229B

    MD5

    fe17f44cb0d28f7e2be53848e35dec79

    SHA1

    ed132258fac67209da6030b55a9384a5309c05a7

    SHA256

    f96f3c421467a84340e5ef07550d8bd50aec0623450492025aedb1e9502b8220

    SHA512

    8c622bbca6a4f22400f8e9c574d42643cc29668261294f7fb0bc32574ac30d1836b6fe5ea59102d173b050f7e41cda6d85b08d9679c96fb2c828553a67ff2f33

  • \Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    61KB

    MD5

    ce4ea61ef2653a6e44db184286ed6f6c

    SHA1

    044f6a2e932fb434941758139e88cc16c31e307c

    SHA256

    b9b0fdf6ef0cc27dc8115fc2075d61241595fb628091e0a13f096f344c640a54

    SHA512

    be61f0ea0360a44ea5f7d9384d2fa3b8b86b3b6e207cddc15545ba80ca5d169e2cf2a1470d1b307d14c1dc3eb295d80f60c4b41f1d543663956a40667d6d0d2c

  • \Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    61KB

    MD5

    a39f94bb7769887680b5492bf739bda0

    SHA1

    4fd62580302c552380c3f351a8e071aaa116b3c4

    SHA256

    a1244d856dec6c188392f6f1be3df1fde421f6d2271be81dd2205ac68f1b09eb

    SHA512

    9b4fa7298887ce0b52db3344e77b7d16e9168ac78c1cd48a45c22afd8c96d4536fe8af41f5085a8629099810117df935bb858582cde2e54e84193fbb88afde94

  • \Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    61KB

    MD5

    52b52e4fd075aa291e0910785d38a870

    SHA1

    7a7dd811a7abd87259ca20db5ed2b09ccd8bc6f9

    SHA256

    d0a028ac535553a60fb99805df9f5e259ff6c00760b477ce2e11915f53b50f11

    SHA512

    a7e50f2e542326c4ea20e67a61f3f994b2cc3f1cddf175b23587547d4730634050b83bd3a35f6d5b866956873384ef21b7c6a6ceaa4221a4d4beb517eb0894a7

  • \Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    61KB

    MD5

    a58a3279f916d1338a2a9881c4941de8

    SHA1

    6b1dd8b79ac1f304d82083f9963fd0a98e80ca78

    SHA256

    12c9577c4e88470156600383d32473e833cec5fd82081e7d126ba40c70fc70c6

    SHA512

    b28429a0df7a712944fc63d861c416cf5d7f9531fbb2ee96c0d36ec8ea29a169496a266350232a33e66a5e1daa35d99d63d41c7f3f6d502ed91bd2af49fe0677

  • \Windows\SysWOW64\ewiuer2.exe

    Filesize

    61KB

    MD5

    4dc4382862be77aaa74ec173573e9a39

    SHA1

    dea3b19cb474b13c7f4b877d4c4f528215b259f1

    SHA256

    137c462ee4afa3fb7c905ff9e1fcb663c69a57a2d602ca274aca02af4a4a7e2f

    SHA512

    5d2c4134e4abe62955d1720183d4e3bfd5e71ed5ed1aefaf838d385e9bbe98cea2f5be538fb162b4c3e78d65057002a26ab7cff96a958de58ece9059c1eddeab

  • \Windows\SysWOW64\ewiuer2.exe

    Filesize

    61KB

    MD5

    728ff389c2b3aa19b6da2493e88bd0b7

    SHA1

    b254817d3ed340528a8b48c9a3f380d996b780c0

    SHA256

    4ff8fa13f8d1fb1c7b416352954632e7d966b1ca28542b1d2f649f84ccd2d841

    SHA512

    17d54b0e24fffda50f685750c071f66ff2656dc9d45b8cbbefdf73c8cfc1b4586343851c506b78f862963427245cd79d17efe618cc0569d1e07e84a2ec2338fb

  • \Windows\SysWOW64\ewiuer2.exe

    Filesize

    61KB

    MD5

    502890c48d472b802b10765130f8f58b

    SHA1

    b2270eb5b81e265ceb2f883460f98f49a69e3ce5

    SHA256

    f3cab21e3ae59b43bda229c456416d67f37be362adf2dc0aa3773067bfcc81e2

    SHA512

    642a056db4bd71201d0cbea1f2d5629adf59e28d275a395c5eba8301e339a86fa898aa4d11f92b7ceeebc89a6a111da5960e5eadc87a56d06eb65fc4906d160c