Analysis
max time kernel: 118s
max time network: 124s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 04:36
Static task: static1
Behavioral task: behavioral1
Sample: 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe
Resource: win10v2004-20240611-en
General
Target: 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe
Size: 6.0MB
MD5: 5f017ae69bbcdedee207959194d84880
SHA1: fbcd4758c26a7bdc83eecbb465c907c0a980ca38
SHA256: 277ef8b52e95b83a202c915a0916dea2be54b4cf7640b0d381a90ef965afccb4
SHA512: 630cef18a5a844faa59de726ab24bc26d1bcdb30f55454a01c576edb091d50e838e6a7e8c06f3b3b4b4407bcdfcf2825c05363685fb60bdfd4613f694e3f2b0f
SSDEEP: 98304:emhd1UryenKy6fo3bV7wQqZUha5jtSyZIUS:elMUb2QbaZtlir
Malware Config
Signatures
Deletes itself 1 IoCs
pid | Process
2944 | 5310.tmp

Executes dropped EXE 1 IoCs
pid | Process
2944 | 5310.tmp

Loads dropped DLL 2 IoCs
pid | Process
2416 | 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe
2416 | 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2416 wrote to memory of 2944 | 2416 | 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe | 28
PID 2416 wrote to memory of 2944 | 2416 | 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe | 28
PID 2416 wrote to memory of 2944 | 2416 | 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe | 28
PID 2416 wrote to memory of 2944 | 2416 | 5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2416

  C:\Users\Admin\AppData\Local\Temp\5310.tmp
  "C:\Users\Admin\AppData\Local\Temp\5310.tmp" --splashC:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe 63E0B7B8506C7EDE85A0D4499F4BB7D34F5A2CBF658F8630F8F3E3F1D662B59D2B356C9A9ADF756DD9F6E8A77D8F26BDAB18E12E7EFC43D6342E1FB6CAE6B5E2
  - Deletes itself
  - Executes dropped EXE
  PID:2944
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 6.0MB
MD5: 1f090fd343d5951764c1a101d773e861
SHA1: 3db829130df5106117f2a0027471f5cb2f2c0b39
SHA256: c8b9d31d924b7f08badf45926b1c12399053fa69c04b9407fb2f3869464e7384
SHA512: d911d4406252b27360ec78bc0a0f30f977b0178640d4aca9e70d19f630530c5c35e24c974cbbab521d3296d1cc02cd8870a76a6fda7cc0b91c165cb37e09f8c6