Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    13/06/2024, 04:36

General

  • Target

    5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe

  • Size

    6.0MB

  • MD5

    5f017ae69bbcdedee207959194d84880

  • SHA1

    fbcd4758c26a7bdc83eecbb465c907c0a980ca38

  • SHA256

    277ef8b52e95b83a202c915a0916dea2be54b4cf7640b0d381a90ef965afccb4

  • SHA512

    630cef18a5a844faa59de726ab24bc26d1bcdb30f55454a01c576edb091d50e838e6a7e8c06f3b3b4b4407bcdfcf2825c05363685fb60bdfd4613f694e3f2b0f

  • SSDEEP

    98304:emhd1UryenKy6fo3bV7wQqZUha5jtSyZIUS:elMUb2QbaZtlir

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Users\Admin\AppData\Local\Temp\5310.tmp
      "C:\Users\Admin\AppData\Local\Temp\5310.tmp" --splashC:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe 63E0B7B8506C7EDE85A0D4499F4BB7D34F5A2CBF658F8630F8F3E3F1D662B59D2B356C9A9ADF756DD9F6E8A77D8F26BDAB18E12E7EFC43D6342E1FB6CAE6B5E2
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2944

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5310.tmp

    Filesize

    6.0MB

    MD5

    1f090fd343d5951764c1a101d773e861

    SHA1

    3db829130df5106117f2a0027471f5cb2f2c0b39

    SHA256

    c8b9d31d924b7f08badf45926b1c12399053fa69c04b9407fb2f3869464e7384

    SHA512

    d911d4406252b27360ec78bc0a0f30f977b0178640d4aca9e70d19f630530c5c35e24c974cbbab521d3296d1cc02cd8870a76a6fda7cc0b91c165cb37e09f8c6

  • memory/2416-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

  • memory/2944-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB