Analysis Overview
SHA256
c45f88ab04fb740e7956f8d83a29f5d2c68ad9495dcba3d1102f8d91bc120448
Threat Level: Likely malicious
The file 4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe was found to be: Likely malicious.
Malicious Activity Summary
Event Triggered Execution: AppInit DLLs
Executes dropped EXE
Drops file in Program Files directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 13:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 13:38
Reported
2024-06-18 13:40
Platform
win7-20240221-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Event Triggered Execution: AppInit DLLs
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\PROGRA~3\Mozilla\gjsfhjk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\PROGRA~3\Mozilla\gjsfhjk.exe | C:\Users\Admin\AppData\Local\Temp\4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe | N/A |
| File created | C:\PROGRA~3\Mozilla\eurgebe.dll | C:\PROGRA~3\Mozilla\gjsfhjk.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2388 wrote to memory of 3000 | N/A | C:\Windows\system32\taskeng.exe | C:\PROGRA~3\Mozilla\gjsfhjk.exe |
| PID 2388 wrote to memory of 3000 | N/A | C:\Windows\system32\taskeng.exe | C:\PROGRA~3\Mozilla\gjsfhjk.exe |
| PID 2388 wrote to memory of 3000 | N/A | C:\Windows\system32\taskeng.exe | C:\PROGRA~3\Mozilla\gjsfhjk.exe |
| PID 2388 wrote to memory of 3000 | N/A | C:\Windows\system32\taskeng.exe | C:\PROGRA~3\Mozilla\gjsfhjk.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe"
C:\Windows\system32\taskeng.exe
taskeng.exe {A25644CA-8161-49DB-958D-9A5745E23C72} S-1-5-18:NT AUTHORITY\System:Service:
C:\PROGRA~3\Mozilla\gjsfhjk.exe
C:\PROGRA~3\Mozilla\gjsfhjk.exe -tuxiydl
Network
Files
C:\PROGRA~3\Mozilla\gjsfhjk.exe
| Hash | Value |
| --- | --- |
| MD5 | 35d923447b3fcb17ba39f3ad44eb726a |
| SHA1 | 3cba838028facc1f4919fdd77ad4b9acb5136b16 |
| SHA256 | 2537bc2f2c754e26faaddd9fd7c42e6280b313b95780b47c33eddc408d20062a |
| SHA512 | 4fd85a0b966f57619893b497e00240d641eb851ac26ad07f8d32fb0f276e7c7c7010ec130c3d9402eba272e66dead8b5bb21b7250206139dbcc6e43026633b64 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 13:38
Reported
2024-06-18 13:40
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
Event Triggered Execution: AppInit DLLs
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\PROGRA~3\Mozilla\ywswmda.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\PROGRA~3\Mozilla\ywswmda.exe | C:\Users\Admin\AppData\Local\Temp\4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe | N/A |
| File created | C:\PROGRA~3\Mozilla\dzldqrl.dll | C:\PROGRA~3\Mozilla\ywswmda.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c276213761e704f93fcaa1c70596b50_NeikiAnalytics.exe"
C:\PROGRA~3\Mozilla\ywswmda.exe
C:\PROGRA~3\Mozilla\ywswmda.exe -zhzkoil
Network
Files
C:\ProgramData\Mozilla\ywswmda.exe
| Hash | Value |
| --- | --- |
| MD5 | e0d765a68ee5caa3cd2647f76259f2c9 |
| SHA1 | ee6e8bcc05f18ef8fb470a1485e599f34354bee0 |
| SHA256 | 24f9ad59433ae4cf05b19f28f66a2f613578692444cff33884f58144226bda32 |
| SHA512 | 6bbe2ac2854a0fb7e0cddc871da366bf73a7f8459021f023f3f604d7c411332e58613bb792ec76026c8708839cdc588e8b47e4d3664ec097f580b08a4471f99e |