Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18-06-2024 13:38
Static task: static1
Behavioral task: behavioral1
  Sample: 4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe
Size: 366KB
MD5: 4c276213761e704f93fcaa1c70596b50
SHA1: 360a60872c971d369815d4244391b7374f298b23
SHA256: c45f88ab04fb740e7956f8d83a29f5d2c68ad9495dcba3d1102f8d91bc120448
SHA512: d5721fced4504f37a905b39bf87c8515be13c4cc6944e718edd1413f1d50e4247f80bcb91be885d37c2be21aa80a4a7f3927a2e7227cf0c3ec805a5b22315885
SSDEEP: 3072:gVMfMIbIrw3J9Q/s8kZUBqOHHlxFT36bZohhvW18qgY+BC3K5eqU+BC3K5eqYro8:NfMmd+/stuqsHbFz6behUMwK70K7o
Malware Config
Signatures
Event Triggered Execution: AppInit DLLs (1 TTPs)
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

Executes dropped EXE (1 IoCs)
Processes: gjsfhjk.exe
  pid   process
  3000  gjsfhjk.exe

Drops file in Program Files directory (2 IoCs)
Processes: 4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe, gjsfhjk.exe
  description   ioc                               process
  File created  C:\PROGRA~3\Mozilla\gjsfhjk.exe   4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe
  File created  C:\PROGRA~3\Mozilla\eurgebe.dll   gjsfhjk.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: taskeng.exe
  description                        pid   process      target process
  PID 2388 wrote to memory of 3000   2388  taskeng.exe  gjsfhjk.exe
  PID 2388 wrote to memory of 3000   2388  taskeng.exe  gjsfhjk.exe
  PID 2388 wrote to memory of 3000   2388  taskeng.exe  gjsfhjk.exe
  PID 2388 wrote to memory of 3000   2388  taskeng.exe  gjsfhjk.exe
Processes
C:\Users\Admin\AppData\Local\Temp\4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe"
  - Drops file in Program Files directory
C:\Windows\system32\taskeng.exe
  command line: taskeng.exe {A25644CA-8161-49DB-958D-9A5745E23C72} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  C:\PROGRA~3\Mozilla\gjsfhjk.exe
    command line: C:\PROGRA~3\Mozilla\gjsfhjk.exe -tuxiydl
    - Executes dropped EXE
    - Drops file in Program Files directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\PROGRA~3\Mozilla\gjsfhjk.exe
  Filesize: 366KB
  MD5: 35d923447b3fcb17ba39f3ad44eb726a
  SHA1: 3cba838028facc1f4919fdd77ad4b9acb5136b16
  SHA256: 2537bc2f2c754e26faaddd9fd7c42e6280b313b95780b47c33eddc408d20062a
  SHA512: 4fd85a0b966f57619893b497e00240d641eb851ac26ad07f8d32fb0f276e7c7c7010ec130c3d9402eba272e66dead8b5bb21b7250206139dbcc6e43026633b64