Analysis

  • max time kernel
    28s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 00:09

General

  • Target

    4ee941525ef3445b099653dce246bbc0_NeikiAnalytics.exe

  • Size

    615KB

  • MD5

    4ee941525ef3445b099653dce246bbc0

  • SHA1

    02d803d30642832034ccd9bc858f3fd99e5ba0e4

  • SHA256

    8fc73a320967934f254b8dc63aa7cd65b9e9aed62bbe48ec838914e82fdb142d

  • SHA512

    d291089751dccf3952465e3eedd9eed79b52fab5b46a82d5c604baa5784f47d3106a17e374e3357506ecc75dd7f6dcc56587c2584429cf48541ad4eeef8fb3eb

  • SSDEEP

    12288:wlbX+Waplw9U+qMi8CtdVldusIh6BBHCHrKZXCktSzIzWpX50:WbX+NYTqMi8CtBd2QHCHmTBW50

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ee941525ef3445b099653dce246bbc0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ee941525ef3445b099653dce246bbc0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:688
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4288
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev3393.tmp!C:\Users\Admin\AppData\Local\Temp\4ee941525ef3445b099653dce246bbc0_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Users\Admin\AppData\Local\Temp\4EE941525EF3445B099653DCE246BBC0_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:3156
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev3393.tmp!C:\Users\Admin\AppData\Local\Temp\4EE941525EF3445B099653DCE246BBC0_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2700

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4ee941525ef3445b099653dce246bbc0_NeikiAnalytics.exe

    Filesize

    615KB

    MD5

    fc01183e9c63369bdb4c3ff49d8a382d

    SHA1

    7174b9da8cf755e39a615996c57697cd0c0e9f4e

    SHA256

    0bdb8a22296b7c63ecd6654dce7c112b02ce0aa1a25b2b8bad4299191e735b29

    SHA512

    041378d8393fc00d4f93cd3b465df0f919721f20b527ddc6911e6ea263219cfa97b3d1749b4fe4cb09089d6d3caa09a22a693566f8a353963ff8b5d15a484163

  • C:\Windows\MSWDM.EXE

    Filesize

    47KB

    MD5

    336ffd74e5eb29bc13e4e0f5de0cb57a

    SHA1

    fb3bab77482267f8880cd329d926a41d397d072d

    SHA256

    688c0c407e9651d4fb63017475f3ca304c7ff8c0185592c3a1d7d3b660098c79

    SHA512

    e8e70882eebbb5a602ac68a4a51a15c7d32d083b5c5717981a9b33d358e17411a0fee1294b631f29f0f5cf06e0ad86109198de6114ba364fdaac1e866a049d76

  • C:\Windows\dev3393.tmp

    Filesize

    568KB

    MD5

    04fb3ae7f05c8bc333125972ba907398

    SHA1

    df22612647e9404a515d48ebad490349685250de

    SHA256

    2fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef

    SHA512

    94c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2

  • memory/688-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/688-7-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2348-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2348-24-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2700-21-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4288-12-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4288-25-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB