Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 04:36

General

  • Target

    5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe

  • Size

    6.0MB

  • MD5

    5f017ae69bbcdedee207959194d84880

  • SHA1

    fbcd4758c26a7bdc83eecbb465c907c0a980ca38

  • SHA256

    277ef8b52e95b83a202c915a0916dea2be54b4cf7640b0d381a90ef965afccb4

  • SHA512

    630cef18a5a844faa59de726ab24bc26d1bcdb30f55454a01c576edb091d50e838e6a7e8c06f3b3b4b4407bcdfcf2825c05363685fb60bdfd4613f694e3f2b0f

  • SSDEEP

    98304:emhd1UryenKy6fo3bV7wQqZUha5jtSyZIUS:elMUb2QbaZtlir

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Users\Admin\AppData\Local\Temp\3345.tmp
      "C:\Users\Admin\AppData\Local\Temp\3345.tmp" --splashC:\Users\Admin\AppData\Local\Temp\5f017ae69bbcdedee207959194d84880_NeikiAnalytics.exe CEF271D866C22E03A62DEF8AD71E06AF4406E39E08B2143CB8B158ABA5F9EF57B66D3D41D3B7A9501A6B95A2C8A9CC1D4ECB816334856217FAF9D8E72247E34F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5016

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3345.tmp

    Filesize

    6.0MB

    MD5

    5b81135c884b39d1834302d92c85baab

    SHA1

    9af5675ecc049761c27cfbb333ad98893cab6529

    SHA256

    5c0b7c8e586f1f974b2fe1b8ef0d15af1a18bfa85b9e96c79d8f6ee9b3e4971f

    SHA512

    0e1e296c6e126bfe8b4187af6f695e5e9607118bc7f9fcb2beeb27b49888f6150bc9f5f3a7c3891f245229b3c7074d3684a960a93d7b63b402da86ffa0d72377

  • memory/1496-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

  • memory/5016-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB