Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 10:44

General

  • Target
    b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
  • Size
    8.9MB
  • MD5
    b5b79a957a2c0dfaf41e6d1460350770
  • SHA1
    652f4a33bcdb0ebbb0f0783a8ce7a4f674f6a763
  • SHA256
    4e6f108a8aca040d8ff8a3fb47ee974e32c6fe3ca5f190ac3de06fda5b0f4f69
  • SHA512
    3ea25d120b38a4e56e33c95e4b1b5961bb17e1df8e6d93247a7e220a53459bae23718e35f9534001e9f2e18bb5858809b1cb4ce1dca57f6e1585e20d6fcfac12
  • SSDEEP
    196608:OrMGrKDpFC4g0A/GvTNJm3AqZ8ZJ9BIBxIF17nuhlk2euseq:9HLgnGb/m3pIYXIn7uhlk2euq

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
      2⤵
      • Loads dropped DLL
      PID:3068

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\VCRUNTIME140.dll
    Filesize
    98KB
    MD5
    6ba0dbcd2db8f44243799c891dbd2a59
    SHA1
    30a2719d4b8667fd237bcfb781660901c993d9fc
    SHA256
    263988a0868053b6b01835cd2959c8f71e3f943610421b269da646f2d9e3b333
    SHA512
    94dea85ef50d55cec0d1bbae4671386ce8ca02e870ce417abfef0a8499fdf0bd0eb5ba38debd07c213f7da39cbea63a18143484b05e9c7ca36b2f68e4520bb4d

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\_bz2.pyd
    Filesize
    84KB
    MD5
    6909da62abc73216883a89a60b66e73b
    SHA1
    015eb36344e5f3fe2df467bd47a04bded616b052
    SHA256
    4c22e0d2786dd7e93f55e1f4a1c27d2e141a55682ed2c09b90320817fcf011f9
    SHA512
    eddabb51b6092b3c3e3b6968ea831a262f8f5f8a26b1c95badc616ca236d0928aa789334835130ec40137ffc623b5d2031a585e890162b489a26fd990845b63a

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\_lzma.pyd
    Filesize
    247KB
    MD5
    af8385e0cb374ae6caee59190175dd12
    SHA1
    a16d7d021ec3fa31fb1b2ce5929c2d3d4c96d6b8
    SHA256
    e414ee3efa6a4e1edf610dd780335ab9372cbe7919a73596bbb267b55ad23999
    SHA512
    3e4e26bbcf14ebcb4faedb8982c46b3f5318c88dd395c668c50e4f5ddbfe6c1836eb49e49e855cc95934e8247e63df0f7543f66e4fe13335558fc21c0c566b5b

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\base_library.zip
    Filesize
    1005KB
    MD5
    f6acf8223a4130669a0f61f39016191a
    SHA1
    b7e69e96fdb19a92454f491adf3646893e80f896
    SHA256
    bedaaa60d9e60b8b12c1698adc9c9aebe9516368d5fa34dd84283abccd111a31
    SHA512
    6d2742d3f758640ec66db207aa957b03088352bbad2fe06b191b0d5073e44f5b9370c16a9279471a49b1918fdaa11c27af4a64da687b84fcdd1b69334b8efe02

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\python38.dll
    Filesize
    4.0MB
    MD5
    c0ed63bf515d04803906e1b703e9cb86
    SHA1
    61f9a465d7a782aedfd5e2b1a9dc8bff6c103b5a
    SHA256
    24bfc999a733d4759ca40425610555f597b1d015f87ef5f84e15c665297247a4
    SHA512
    78384c34cefc40cb86913dffdc6a360668467731a8a3678d5f8377d8ae63d244b45506b0b6e2498825b53abe8fd84d2b75b3e9fef3703fead90183ace433e70a

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\pythoncom38.dll
    Filesize
    701KB
    MD5
    05b45f17290a76568c61c0ffcb445b67
    SHA1
    c8f39f7d98a29a520f940dafc4d39f1ab0208b0a
    SHA256
    8056e931df9a8ba6a3d2def3033361be64a6f81eb5ebc99c3afa4484dfd0e8f3
    SHA512
    80e6e9a7484d6d620a07eed2f8b0adc3190d85f05ae74ba8af111611ec6f394d70a08e8372a51b9dd4ead602c8895f46a91a99c1701e9234f06484d96d3238d7

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\pywintypes38.dll
    Filesize
    137KB
    MD5
    b6edd1f02eda832beaf5be3b87354667
    SHA1
    d7ee654a79a8b49adbce5bcdf31f1038004a7f46
    SHA256
    95d8327ef84c8563e476c0f16d21e9a045d04a6987afd4260f97ccc856b08926
    SHA512
    fb99baa053504def4da425829501433cf5b9800707705e09e826eda4334d0481bf15ee05836e1c3fd6966970e02d883a173dd71031097ead38c33f6af0b94338

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\win32api.pyd
    Filesize
    137KB
    MD5
    938235f10520de4169043b4eb20050c8
    SHA1
    02ae94126f79f96feaa60c7bfbcffcc540a84892
    SHA256
    a27f2f515bd5b18725e412cfc0d9fa0fb35ad75c037a6d1a66ad891d032a5744
    SHA512
    cda79d6e9b0ee7d30ebdb969f56397d01cb43b59e8b86e8f0f04764a5aa6261c691a3bd713ac15ebdf760421588db4fdfcefc019e02cf2df1050c3b6b919baaa