Overview

overview

10

Static

static

1

8038c05f9f...cs.exe

windows7-x64

10

8038c05f9f...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/06/2024, 13:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8038c05f9ff14c1b2f0df91a4c6ec070_NeikiAnalytics.exe

  • Size

    218KB

  • MD5

    8038c05f9ff14c1b2f0df91a4c6ec070

  • SHA1

    e7f0e08d50b43ca9c66f78e7045a08abf8091c28

  • SHA256

    06f4bb371fe6c04372c39c5a93d4859c0bc006f0bdbfa19eacc4c9af0339751e

  • SHA512

    10acc4dd04db63cc8d0a36fb09991d977fa507709a4cbd1cf041e7d975addcb58451e73bf3bb60a686955cdb34a8d64614c93a19ada33c4db378011277ef7e76

  • SSDEEP

    3072:Nvm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:B1SyAJp6rjn1gOObn4b6h9h

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8038c05f9ff14c1b2f0df91a4c6ec070_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8038c05f9ff14c1b2f0df91a4c6ec070_NeikiAnalytics.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      PID:4748

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\apppatch\svchost.exe
          Filesize

          218KB

          MD5

          be3c7837e854731318535cbea156d439

          SHA1

          9520750d9d31aa465c207068dc1bb8596db444bf

          SHA256

          afb090af0aa06a53cedb8fbe03534f8aa040f28d0f7b53e5d5525c85f2cd025e

          SHA512

          9a9859bb934167b6e10a7faba253cf19eb5cb80b740cec6313defe8f50076ca449fc32dd7bd43dfce0a2979fd4a9375d904b4a34ac72eb7769668248a9bf2e15

          Download Submit

        • memory/1384-0-0x0000000002650000-0x00000000026A1000-memory.dmp

          Filesize

          324KB

          Download

        • memory/1384-1-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1384-12-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1384-11-0x0000000002650000-0x00000000026A1000-memory.dmp

          Filesize

          324KB

          Download

        • memory/1384-10-0x0000000000400000-0x00000000005AE000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4748-14-0x0000000000400000-0x00000000005AE000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4748-15-0x0000000000400000-0x00000000005AE000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4748-16-0x00000000028D0000-0x0000000002978000-memory.dmp

          Filesize

          672KB

          Download

        • memory/4748-17-0x0000000000400000-0x00000000005AE000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4748-18-0x0000000002D00000-0x0000000002DB6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/4748-22-0x0000000002D00000-0x0000000002DB6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/4748-20-0x0000000002D00000-0x0000000002DB6000-memory.dmp

          Filesize

          728KB

          Download