Overview

overview

7

Static

static

3

4899fd3117...cs.exe

windows7-x64

7

4899fd3117...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17/06/2024, 04:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4899fd3117d37adb63a22735b9897f20_NeikiAnalytics.exe

  • Size

    49KB

  • MD5

    4899fd3117d37adb63a22735b9897f20

  • SHA1

    627783de6370650de01342b6c3338ed378b719c7

  • SHA256

    78093c96f50269a4749ae33720545dc937280ca4a23c6a9336936b6007c12660

  • SHA512

    0f34bf663a951ffdcb93c95dc3d860d9db1e9f99eaa6321d4ea6536bc6d4cfd9f154ae5a839f68a0b07943959b7628fdf10f0ae61b17b2a8129dff02743837ab

  • SSDEEP

    1536:ExovSYRFSUvslbYo7iwOQ7De+TFxqhHjrGZRQI6nr:AolLvTo7tOj+TFxqhHjSaI6r

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4899fd3117d37adb63a22735b9897f20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4899fd3117d37adb63a22735b9897f20_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1728
    • C:\Windows\SysWOW64\rmass.exe
      "C:\Windows\SysWOW64\rmass.exe"
      2⤵
      • Executes dropped EXE
      PID:1740

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Windows\SysWOW64\rmass.exe
          Filesize

          45KB

          MD5

          68d3433373f88a34b6f43c6f6cff83d2

          SHA1

          aafaeeb46a44d897a18488d219e83285c8a55eb1

          SHA256

          044b8030b66cb4148662880c2740c9fc169eea6c591811f6233b734f8002ceb1

          SHA512

          72765bfc0397be635c2827ee83798d83c9da1a9002d5a54bddb3622b40ab4cfabba9519ca99096137cf8e64ad226895e07117fc9edcb591cd6c4b79dcf92796c

          Download Submit

        • memory/1728-5-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download