Analysis
-
max time kernel
119s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
14/06/2024, 01:02
Static task
static1
Behavioral task
behavioral1
Sample
957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe
-
Size
4.4MB
-
MD5
957ff1d3134c41958de1abbdd2bdcd00
-
SHA1
e7d0e96db1c0afc9688b8690fb45558ca422bbf9
-
SHA256
3c7045392623b0c3e59214eeb765f9b8f903d3dcd1662e865ff1afe67714e725
-
SHA512
e1ce263b08e729d234f3bf10e1a45546bb36442f74a32bd1902dc20fe18537452622e9dba6dfcc270eec065ed6bc9de97f1895779f417de88421fdcc9b5d8c8b
-
SSDEEP
98304:emhd1UryeeT2+fqXZCSV7wQqZUha5jtSn:elKfKZ/2QbaZte
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2068 9F2C.tmp -
Executes dropped EXE 1 IoCs
pid Process 2068 9F2C.tmp -
Loads dropped DLL 2 IoCs
pid Process 2912 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe 2912 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2912 wrote to memory of 2068 2912 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe 28
PID 2912 wrote to memory of 2068 2912 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe 28
PID 2912 wrote to memory of 2068 2912 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe 28
PID 2912 wrote to memory of 2068 2912 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2912 -
C:\Users\Admin\AppData\Local\Temp\9F2C.tmp"C:\Users\Admin\AppData\Local\Temp\9F2C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe F71C25DA582C3DD981A9F2869B556BAFFD913425CD15544A5466091A868E2F7D8F5B78B01ED373645AD30B4AA78E72AD2B1E72083525B2868E24D83B304EA9042⤵
- Deletes itself
- Executes dropped EXE
PID:2068
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
4.4MB
MD5 4bbab02fc85e193f5bba464ea365b269
SHA1 3f43047e42c9dc04c03bd6e826faaced10909612
SHA256 69c61fb36b80d68bcac1ecd0ee4d6c195ef2b81eeed729d681d17574a57f90b0
SHA512 14966b8017369f333f43d5fb0b83c282d253cf1fdf7931280a4470a8a33faa93d4c7633b999699aa7a842a2dfbac310dd3cad615d72e413e9171dd600bc87adf