ad90736eea120efefa04cb406bd4ec115cd82fa3df4069754db280d7d7714e87

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe
Size

320KB
MD5

60b7aa4ea638f374b44cc2676ad447a0
SHA1

714f413a11abc1cb26b85dfcfdbb3cb2d20a62a5
SHA256

ad90736eea120efefa04cb406bd4ec115cd82fa3df4069754db280d7d7714e87
SHA512

498ae8af239e99af1ef83f989cf80ca70f0d0baed02d7722da76b0130f22d3085be728425d3fefc5e227c01a6e6fad53b49801642fb7737190d13308c1258673
SSDEEP

6144:xrkohxK0T4RYAbIlmGyaBafHGQDPwUij7sJ660lz9b0i1:xrTg0T4RYHiPwUivMil1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 3184	3880	60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe	89
PID 3880 wrote to memory of 3184	3880	60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe	89
PID 3184 wrote to memory of 4596	3184	csc.exe	90
PID 3184 wrote to memory of 4596	3184	csc.exe	90

C:\Users\Admin\AppData\Local\Temp\60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\h1nmufib\h1nmufib.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3184
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES55FF.tmp" "c:\Users\Admin\AppData\Local\Temp\h1nmufib\CSCAD75CB55BBBB45DB945D976598DD419F.TMP"
    3⤵
    PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES55FF.tmp

Filesize
1KB

MD5
b8727c8ca738a3e497206cf008a0a8cb

SHA1
7ec48abe37e1cb425275aabf1a371c0473d2b9f3

SHA256
b62870250bfd5f49424be86c074247fe345fb8ccd2f0fced3af9a2e9cc1de51e

SHA512
9e2be4e1e95818b6d57c1091b18f367eda6cd9a1a151d1e4fe5f7aa4c3a59acb7395b3769461b71861148d43d6b306081a36564226dd515aba0a01ef0b53b7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\h1nmufib\h1nmufib.dll

Filesize
4KB

MD5
c7c172df867782e9b7fbbd166d2b66a5

SHA1
743696987e1e3d9ecfb974588ed38bcecb7d7594

SHA256
68bf013a088b340bf79cfd07d928140ac7dc6a6619d6c6b0c8eb114daf3fe376

SHA512
b8f0e220bbd5da23593bbb9b643371cec2c3a93199a7707ccda059c0af7abd149833beb6d80002f651397770a51a84eddc4301d0ba219927f9384f8509b774e6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\h1nmufib\CSCAD75CB55BBBB45DB945D976598DD419F.TMP

Filesize
652B

MD5
713f9aeb21ccb3e99bb3381c4540d6ee

SHA1
d8a83b391abbec4d4941338eabe1f3aea55928f5

SHA256
a9befb7094c94120609c4e7ff43c63547784f1e68b13ac934a216b125a6cc699

SHA512
513e4c266a12f819c317bb0a8980b8f7a60c7964aaabedbc8697a59d1145047376000e020ecb8c94ff9ebf46b06ba5be1de9322c93e757c2907f8419829a6882

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\h1nmufib\h1nmufib.0.cs

Filesize
1KB

MD5
f420ebb3150f0764331a33377a7451b8

SHA1
8ed9b9d610e8ab76aea82a3830ad31059517630b

SHA256
dfb6ab38744b3a4e17cf7fa75b3126e88cbeabc907008f3921ff41c523a99a27

SHA512
b92767736261cb7c10f58576c44e62cd0d105e90e139b376d52ccb5cb7ca189205a1f7d7a5fec5d739f8763eded8b5c55b9057217fe9a55b1e151dc700760cbd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\h1nmufib\h1nmufib.cmdline

Filesize
208B

MD5
595f41431e15d03d04ec94b621a9fda1

SHA1
083b8aff98f97bee80f25b7cc1b4f1e4a187e4ed

SHA256
86a3d0ff1b1405f8f230882967e26fd1dca5e0082cb2ac45096557cc4a61bedb

SHA512
208996b825cbfb8deaa9ce9a8b36987ddccfd67b079140729f7bae03aa13902a82865db84e5af9563ea1ef73ead2f2ecad8fb28ed8dcb8f8916ab859ed2e124b

Download Submit
memory/3880-12-0x0000020DEA090000-0x0000020DEA0AA000-memory.dmp

Filesize
104KB

Download
memory/3880-16-0x00007FFEDE550000-0x00007FFEDF011000-memory.dmp

Filesize
10.8MB

Download
memory/3880-0-0x0000020DE9F70000-0x0000020DE9F71000-memory.dmp

Filesize
4KB

Download
memory/3880-18-0x00007FFEDE550000-0x00007FFEDF011000-memory.dmp

Filesize
10.8MB

Download
memory/3880-11-0x00007FFEDE553000-0x00007FFEDE555000-memory.dmp

Filesize
8KB

Download
memory/3880-10-0x00007FFEFCBB0000-0x00007FFEFCDA5000-memory.dmp

Filesize
2.0MB

Download
memory/3880-9-0x0000020DE9F70000-0x0000020DE9F71000-memory.dmp

Filesize
4KB

Download
memory/3880-27-0x0000020DEA0D0000-0x0000020DEA0D8000-memory.dmp

Filesize
32KB

Download
memory/3880-30-0x00007FF66E7E0000-0x00007FF66E839000-memory.dmp

Filesize
356KB

Download
memory/3880-31-0x00007FFEDE550000-0x00007FFEDF011000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads