Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 03:34

General

  • Target

    9ef61f4b5ccac5db2f07dc783fe5f340_NeikiAnalytics.exe

  • Size

    33KB

  • MD5

    9ef61f4b5ccac5db2f07dc783fe5f340

  • SHA1

    008d7f1cb2a93043781693901f09b274c346afa7

  • SHA256

    4fc6e6cf0c8d0da772e90e9dc2b9d7b64de4825b413e4366ce951029ae801f8d

  • SHA512

    9c0d81dd228dbfb9e2c99155c90ef5b4b33280f1fe65c5e435dd3944d3d2820f58c7bb685dc0ad014312f51fdcab2d9ea5cac1c1852b27f23cc2c8828693d9b6

  • SSDEEP

    768:9qSqC8+N5ozQQkncwxWmNXMX3cX8wtgg/X/zCtgcgCEX8u/vSXrXrXrXrXrXyR:9rqfzQQkamN88Fr277777m

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ef61f4b5ccac5db2f07dc783fe5f340_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ef61f4b5ccac5db2f07dc783fe5f340_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:752
    • C:\Program Files (x86)\7861efff\jusched.exe
      "C:\Program Files (x86)\7861efff\jusched.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2936
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:8
    1⤵
      PID:3380

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Program Files (x86)\7861efff\7861efff

      Filesize

      13B

      MD5

      f253efe302d32ab264a76e0ce65be769

      SHA1

      768685ca582abd0af2fbb57ca37752aa98c9372b

      SHA256

      49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd

      SHA512

      1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4

    • C:\Program Files (x86)\7861efff\jusched.exe

      Filesize

      33KB

      MD5

      4b582266b93329002bfa4dd29a58bf5d

      SHA1

      798bc1bf2c0befa8c4f68518ca2dd4702a46ad70

      SHA256

      ddbadab4c714b8d12537ad13f8a56c2562f831f0de938be3f1af16bac81e4d58

      SHA512

      ebff43990fb325061fc0c992d1203506533868edd1698620b475f7f4ab9fcbbb2c3bf794d7c1cdcc38a7e559cc0885db385c5c3654c4dd499f407c9aec02cf7c

    • memory/752-3-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

    • memory/752-5-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

    • memory/752-4-0x0000000000401000-0x0000000000406000-memory.dmp

      Filesize

      20KB

    • memory/752-1-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

    • memory/752-18-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

    • memory/2936-19-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

    • memory/2936-15-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB