ced9edf5d1460713da985851fda632026b375613dbdd86ce8b7801aad1cd9a68

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe
Size

295KB
MD5

4b1f6fd5faa0974455b510320a810840
SHA1

166e5c625923da5d2676d72fa37aa2c21efca5ad
SHA256

ced9edf5d1460713da985851fda632026b375613dbdd86ce8b7801aad1cd9a68
SHA512

c4c4f939423b8309a01239f5da5018f47e27ddf38e9ee7f2ccaf4d6ffaff1d4803c35fc58fab0967ccf307c2f1514badd92a64fb833b9d15c1ca413377b6e06f
SSDEEP

6144:3aG9vZx0vmZY6Q+sIvGbkavk2159GaBM2DmappBQtOTMzOm:3aoT0vmZYx9UaBM2Dms4OTMa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 5012	2784	4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe	86
PID 2784 wrote to memory of 5012	2784	4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe	86
PID 5012 wrote to memory of 3948	5012	csc.exe	87
PID 5012 wrote to memory of 3948	5012	csc.exe	87

C:\Users\Admin\AppData\Local\Temp\4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b1f6fd5faa0974455b510320a810840_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\v12mf4ds\v12mf4ds.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6D50.tmp" "c:\Users\Admin\AppData\Local\Temp\v12mf4ds\CSCD0EFA62DD9C4D0D886BACA2CDFC58B3.TMP"
    3⤵
    PID:3948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES6D50.tmp

Filesize
1KB

MD5
d52fbb9acb342655e061a3bbab5dba6f

SHA1
b5540a1cc37bd63d08bba304d5e4f5d376e4116c

SHA256
e351d159afbd4c2dc23dc73ac98d7e79c25385e60d0061aa1d50333243b516bf

SHA512
468dabbea0ea3eb3b3a61512b8709feb59a37b75982dd65a999a6d5358e176c8b0899aa3f339f813b83af08da4f1b06bdd35851136bb2d4ed4bd2a771d2c19ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\v12mf4ds\v12mf4ds.dll

Filesize
4KB

MD5
c7a933f3c5cc3a6043e09c1bcf11aed5

SHA1
c3c8750612e5e90ffc24b6bb94da088f1a4dcdae

SHA256
a0915a90535a0b1f82fd7943d5498d667b3caffe381f8aca32c3e6528b4686b2

SHA512
6c018e93185a9464b1b1fa7a4289e5a25d3602c02d4201196f1793e614efad1bcafd5a7222cedc1d7400c4de026d0ad26fdd6914805367b2b8120ddce91b67ce

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\v12mf4ds\CSCD0EFA62DD9C4D0D886BACA2CDFC58B3.TMP

Filesize
652B

MD5
9e28a032d283bdeee003c18550728ddd

SHA1
a756b9c58359023dce22b6686ea1fdd00e76e9a2

SHA256
4985262c6c84c52d0bec4c5043e135385a4285b52c7bb80b171940e56cb00d05

SHA512
621d3845ac6c4740bdb70e1054b001f42503eb4a67ebefc640640a5cfbdadba265dedd300845c9d3375befa8ca7ed3cdf706f1d686dd4ce9b3e9d235e4eb6bd3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\v12mf4ds\v12mf4ds.0.cs

Filesize
1KB

MD5
f420ebb3150f0764331a33377a7451b8

SHA1
8ed9b9d610e8ab76aea82a3830ad31059517630b

SHA256
dfb6ab38744b3a4e17cf7fa75b3126e88cbeabc907008f3921ff41c523a99a27

SHA512
b92767736261cb7c10f58576c44e62cd0d105e90e139b376d52ccb5cb7ca189205a1f7d7a5fec5d739f8763eded8b5c55b9057217fe9a55b1e151dc700760cbd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\v12mf4ds\v12mf4ds.cmdline

Filesize
208B

MD5
19f3b9108d63cc872ef8191e18d3cded

SHA1
7e238c4b85e11e489c769067d21319892d6d322a

SHA256
418bf89922c3b1d11016238d7e0fd2aa0cef375406600f3c6e030f9a1c53dfd4

SHA512
64f09ba53dff16f0ef4e22c4e7328a1cfcc6ba1e42841b9a8ad862ea03f9e9d312d796cad19a06ad1f5df2ea168e585681c0f67cccad58153e4be291e63147cd

Download Submit
memory/2784-16-0x00007FF8AEAA0000-0x00007FF8AF561000-memory.dmp

Filesize
10.8MB

Download
memory/2784-0-0x0000015DEC570000-0x0000015DEC571000-memory.dmp

Filesize
4KB

Download
memory/2784-12-0x0000015DEC620000-0x0000015DEC638000-memory.dmp

Filesize
96KB

Download
memory/2784-19-0x00007FF8AEAA0000-0x00007FF8AF561000-memory.dmp

Filesize
10.8MB

Download
memory/2784-11-0x00007FF8AEAA3000-0x00007FF8AEAA5000-memory.dmp

Filesize
8KB

Download
memory/2784-10-0x00007FF8CD270000-0x00007FF8CD465000-memory.dmp

Filesize
2.0MB

Download
memory/2784-9-0x0000015DEC570000-0x0000015DEC571000-memory.dmp

Filesize
4KB

Download
memory/2784-27-0x0000015DEC660000-0x0000015DEC668000-memory.dmp

Filesize
32KB

Download
memory/2784-30-0x00007FF7A8530000-0x00007FF7A8582000-memory.dmp

Filesize
328KB

Download
memory/2784-31-0x00007FF8AEAA0000-0x00007FF8AF561000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads