Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 13:21

General

  • Target

    7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe

  • Size

    303KB

  • MD5

    7f9a478d1c29c2d000a4dfc2e3c493e0

  • SHA1

    6a5c7afc80c03493bdc824d327aaa8dd0249b9a7

  • SHA256

    d653b46d3b298c1f4d42edabc701ece859cf2d4a3fa80471c0df6e9a10e28706

  • SHA512

    33770b150be7ba17a5d4416116aa70c56a756f360410d9d8d30bda137e67ff291655213bed0f555b9737f6a3716e92439243f3c4e02252553c99717b758e91ce

  • SSDEEP

    1536:wV61OQr8x1Di7+p5DuzCbnuEMgFNmnBWInd7dGiiLsyAmRL+:wV6H4c+p5DuzVF4EnGiiIyAmRL

Score
9/10

Malware Config

Signatures

  • Contacts a large (2065) number of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory (64 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Modifies registry class (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe"
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:2176

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\bzptucxd.dll
    Filesize

    103KB

    MD5

    7e2e490513a57f35e27531398b55f655

    SHA1

    a773013f2e5f796f214a4e21c8da569d44bbc1a6

    SHA256

    90c963fe367353eb7c52197e5b925a7505300ab00a1ca1c2659c0733c98a9892

    SHA512

    aa6a4360ad660102058b3fc36a8e1ffcbf934554feb6b8b2ac51fe6c6eafa3a11756f545d62dd8ab8c4ded3b20026fc2b3f85c1f359b9ca8c1894240991598c1

  • C:\Windows\SysWOW64\nnmjirwj.dll
    Filesize

    103KB

    MD5

    4456ccf225fe533d1d79e76a2a67e12b

    SHA1

    2a0978d3928e91536b8bd0616f65037c79c2978b

    SHA256

    f4b1a14ba1f697eead220145d0605b9679a5b7f95cc213900b6ce67a2d7f8f6c

    SHA512

    321d058778fb3ed254b58d6040b540de9c781dff6f4b09e4d6a4e5a90bde1bf368458618cc8180d01bdfcbf798125d7c1355b7a05e35531366933d5e1edb05da

  • C:\Windows\SysWOW64\qgrwncle.dll
    Filesize

    103KB

    MD5

    f231db98798f09ee7ab1eb49924727d3

    SHA1

    a75c64852968fad2c981a21277c3d89d8338b367

    SHA256

    cc1e46b50fc41fc7e70ff32ae2af3871587760c4cdcd5012ff9bfb42f1fe593b

    SHA512

    61f37fa0a9c512576b2a50551fb9521d7b2ef32d25af3693d9783ab1adba618b84ab03b32b577efdc10adc1ec2c167d911ca19e86936b3993b00127a7032fdc7

  • C:\Windows\SysWOW64\uwuwjdma.dll
    Filesize

    103KB

    MD5

    026c4d22bf4964f07533ea314b7cfd0e

    SHA1

    4c3a5481928065affc1d162a10be7136a1eb2384

    SHA256

    00d2cc39231d58471a55057c81240017db70fc35dad2bbcc928df1e6ebc606ea

    SHA512

    9bf87ae8d8f485310688767fdccae88d3da34281744e6c28a558c90c2d562583173de849c3a4f91251ee30ef36dc7c22027bda58b95fd910c7fcd995fb90f25b

  • C:\Windows\SysWOW64\wvmrghnx.dll
    Filesize

    103KB

    MD5

    42c5137395b03dc4f331ba244daeae2a

    SHA1

    6afa1b4bbd6e97a580d7e6be0c1ecc25687508a6

    SHA256

    001fe91868e76815c2bd9f782f33655a050565b742d487d9570aa6cfd6ba9a48

    SHA512

    a6013f267f7dd9013cd7b42bb265d9316ee3afae538e62c840048689b468a7caa056c20e70bf291f83ed4d82ad6afc83ceaae20722cb2b3cb0ac5762dcab435a

  • C:\Windows\SysWOW64\zponxwqx.dll
    Filesize

    103KB

    MD5

    b74d73fdd258f3e3d3cf0d73fcd6ba24

    SHA1

    6ab8af4f855dc256a7452f2e7fc9d03d1093760d

    SHA256

    d04183c8f28f9d619852b7c1eec9585af8f13c71083fe75e3a4052c491b6f72e

    SHA512

    01b03b45db3bed539d59ea6283995275143b3513b56e8677224dc7d0bd1259fc3dad11f1fdc6bf3552398a706ea8284150d86a139c130edbb22ba0bcac9874ad

  • memory/2176-174-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-336-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-10-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-17-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-24-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-33-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-42-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-193-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-58-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-63-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-71-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-76-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-80-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-89-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-94-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-99-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-105-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-108-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-113-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-116-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-119-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-128-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-133-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-146-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-155-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-166-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-6-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-178-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-181-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-187-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-203-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-7-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-51-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-204-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-209-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-215-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-219-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-228-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-232-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-234-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-239-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-241-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-246-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-249-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-255-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-258-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-264-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-268-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-273-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-278-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-286-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-290-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-296-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-320-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-321-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-326-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-330-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-332-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-200-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB

  • memory/2176-0-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize

    216KB

  • memory/2176-1436-0x0000000000020000-0x000000000003D000-memory.dmp
    Filesize

    116KB