2a88a22c42bd13379b0249e0a559bdf0636794b38bada0c14cf511fc7f2542a1

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a04718bc955a8992a98fffb4f3df11d0_NeikiAnalytics.exe
Size

87KB
MD5

a04718bc955a8992a98fffb4f3df11d0
SHA1

95403a00adb6c89538c53aa7730cfce4bde0a7ca
SHA256

2a88a22c42bd13379b0249e0a559bdf0636794b38bada0c14cf511fc7f2542a1
SHA512

bb9ccb325f43beb6f4fb9dad5344dc95a62b7aca680ee9a0d10aaa5fbb5d39212db9727cdde52ee2c1bde413eafda5f9aac24d52061ea87f33389fd95ab74801
SSDEEP

1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfwxWOT:fq6+ouCpk2mpcWJ0r+QNTBfwn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2256	2368	a04718bc955a8992a98fffb4f3df11d0_NeikiAnalytics.exe	28
PID 2368 wrote to memory of 2256	2368	a04718bc955a8992a98fffb4f3df11d0_NeikiAnalytics.exe	28
PID 2368 wrote to memory of 2256	2368	a04718bc955a8992a98fffb4f3df11d0_NeikiAnalytics.exe	28
PID 2368 wrote to memory of 2256	2368	a04718bc955a8992a98fffb4f3df11d0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\a04718bc955a8992a98fffb4f3df11d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a04718bc955a8992a98fffb4f3df11d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DF5.tmp\DF6.tmp\DF7.bat C:\Users\Admin\AppData\Local\Temp\a04718bc955a8992a98fffb4f3df11d0_NeikiAnalytics.exe"
  2⤵
  PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DF5.tmp\DF6.tmp\DF7.bat

Filesize
129B

MD5
8f00fad302600a41b690a23296dcca5c

SHA1
54f38017ae7c64fcb61586fcfdd1bfc3e4ab6501

SHA256
01d7ad525b226c879e0a2df35024db0582ef53c0c79951c64c7dabe134228126

SHA512
0d27124fa05b7b8749e3e92a97ad387292f09e23112555bfefc90720eeb6c788140ad604fd31f9815f52e4cb4c1122067c25904646614830613bb58d0f47ce3d

Download Submit