Analysis
- max time kernel: 122s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 12/06/2024, 22:59
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe
  - Resource: win7-20231129-en

Behavioral task
- behavioral2
  - Sample: 4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe
  - Resource: win10v2004-20240508-en
General
- Target: 4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe
- Size: 295KB
- MD5: 4b1f6fd5faa0974455b510320a810840
- SHA1: 166e5c625923da5d2676d72fa37aa2c21efca5ad
- SHA256: ced9edf5d1460713da985851fda632026b375613dbdd86ce8b7801aad1cd9a68
- SHA512: c4c4f939423b8309a01239f5da5018f47e27ddf38e9ee7f2ccaf4d6ffaff1d4803c35fc58fab0967ccf307c2f1514badd92a64fb833b9d15c1ca413377b6e06f
- SSDEEP: 6144:3aG9vZx0vmZY6Q+sIvGbkavk2159GaBM2DmappBQtOTMzOm:3aoT0vmZYx9UaBM2Dms4OTMa
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)

description | pid | Process | procid_target
PID 3040 wrote to memory of 2940 | 3040 | 4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe | 29
PID 3040 wrote to memory of 2940 | 3040 | 4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe | 29
PID 3040 wrote to memory of 2940 | 3040 | 4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe | 29
PID 2940 wrote to memory of 2572 | 2940 | csc.exe | 30
PID 2940 wrote to memory of 2572 | 2940 | csc.exe | 30
PID 2940 wrote to memory of 2572 | 2940 | csc.exe | 30
Processes
1. C:\Users\Admin\AppData\Local\Temp\4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe"
   PID: 3040
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      Command line: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uasca055\uasca055.cmdline"
      PID: 2940
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
         Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3727.tmp" "c:\Users\Admin\AppData\Local\Temp\uasca055\CSC1F10B95CE9D486191A6538F6F8FC844.TMP"
         PID: 2572
Network
MITRE ATT&CK Matrix
Downloads