ad90736eea120efefa04cb406bd4ec115cd82fa3df4069754db280d7d7714e87

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 05:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe
Size

320KB
MD5

60b7aa4ea638f374b44cc2676ad447a0
SHA1

714f413a11abc1cb26b85dfcfdbb3cb2d20a62a5
SHA256

ad90736eea120efefa04cb406bd4ec115cd82fa3df4069754db280d7d7714e87
SHA512

498ae8af239e99af1ef83f989cf80ca70f0d0baed02d7722da76b0130f22d3085be728425d3fefc5e227c01a6e6fad53b49801642fb7737190d13308c1258673
SSDEEP

6144:xrkohxK0T4RYAbIlmGyaBafHGQDPwUij7sJ660lz9b0i1:xrTg0T4RYHiPwUivMil1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2740	2844	60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 2740	2844	60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 2740	2844	60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe	29
PID 2740 wrote to memory of 2436	2740	csc.exe	30
PID 2740 wrote to memory of 2436	2740	csc.exe	30
PID 2740 wrote to memory of 2436	2740	csc.exe	30

C:\Users\Admin\AppData\Local\Temp\60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lmf4xdhj\lmf4xdhj.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES362D.tmp" "c:\Users\Admin\AppData\Local\Temp\lmf4xdhj\CSC7246D83EFB04449293A5591839A692.TMP"
    3⤵
    PID:2436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES362D.tmp

Filesize
1KB

MD5
166767e26e73aecb2f3433bd3107d1c3

SHA1
e9c5e275ba6b6b43c00dbcde8b20d94aa9d7ac5c

SHA256
ad6c77a461ec6bf78b23444c7b592a38f29c0e83d0fb8d713e85f5bfca8a6f55

SHA512
a549be3a6aca24955d4b71829a4e83efad72d7580db7495b93a3d75419a158d9e4e9943eab18deab31dad5238fd6b24261deaf0fff341bbb7f4dd397beba4222

Download Submit
C:\Users\Admin\AppData\Local\Temp\lmf4xdhj\lmf4xdhj.dll

Filesize
4KB

MD5
6a4a1e65b4f7677261a2ac919c083e3c

SHA1
cf6fa0cbb250b3dbecc51b3949daa7cda408985a

SHA256
8e1a15fde0a411775eee6f8245fb08097cd4a2aa88a44534b39d0840c544af50

SHA512
07d1d82b16fbaf436a296190b5d1b4ced9e3473d9736e2011dcd7fdd3a11d725a550f0390fb156c5b23708140971b924c8af42f2aa69517111bdaeda8ba9b80d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\lmf4xdhj\CSC7246D83EFB04449293A5591839A692.TMP

Filesize
652B

MD5
a4a09bcd01de34331b1ba7d079e3bfc9

SHA1
a9cc4b4dec111d5c0b9471ee25bb8b7adc825b0d

SHA256
fdddfa95f89a2b6cc75e84d0842849a46a9782ab8e56ab7992b6b5f2d28151a2

SHA512
defb2556b0cdeff9915581f1ae0cedd719b0b70c79fbc81b2b0dba76c6d4a7825bee5cf2586775825bc99ea05e8d2ac9e649c909696e6f1fbcbc3205369269f4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\lmf4xdhj\lmf4xdhj.0.cs

Filesize
1KB

MD5
f420ebb3150f0764331a33377a7451b8

SHA1
8ed9b9d610e8ab76aea82a3830ad31059517630b

SHA256
dfb6ab38744b3a4e17cf7fa75b3126e88cbeabc907008f3921ff41c523a99a27

SHA512
b92767736261cb7c10f58576c44e62cd0d105e90e139b376d52ccb5cb7ca189205a1f7d7a5fec5d739f8763eded8b5c55b9057217fe9a55b1e151dc700760cbd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\lmf4xdhj\lmf4xdhj.cmdline

Filesize
208B

MD5
49e55b24a9ec01b6184ee586134b59e7

SHA1
b216465f491ec25694bb988094397fdfe065ec7a

SHA256
2ef8381d29dc5570b834711d6c426b90e92b3390f94b77a700b8d7bc1727c0db

SHA512
813c3a49722e9b4522617fff7268825fdb5605a0396e0927eeafad4909b26b5a0b79e8bca322fb2ea2245329fca1ef14dd04412bf7c6473c2054180e1a5033e5

Download Submit
memory/2844-11-0x0000000001EE0000-0x0000000001EFA000-memory.dmp

Filesize
104KB

Download
memory/2844-16-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

Filesize
9.9MB

Download
memory/2844-13-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

Filesize
9.9MB

Download
memory/2844-12-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

Filesize
9.9MB

Download
memory/2844-0-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2844-10-0x000007FEF5343000-0x000007FEF5344000-memory.dmp

Filesize
4KB

Download
memory/2844-9-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2844-27-0x0000000001F20000-0x0000000001F28000-memory.dmp

Filesize
32KB

Download
memory/2844-29-0x000000013FFC0000-0x0000000140019000-memory.dmp

Filesize
356KB

Download
memory/2844-30-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads