Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-06-2024 10:44
Behavioral task behavioral1
- Sample: b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
- Resource: win7-20240611-en
Behavioral task behavioral2
- Sample: b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
(The platform and resource in the Analysis header match behavioral2; the results below are from that run.)
General
- Target: b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
- Size: 8.9MB
- MD5: b5b79a957a2c0dfaf41e6d1460350770
- SHA1: 652f4a33bcdb0ebbb0f0783a8ce7a4f674f6a763
- SHA256: 4e6f108a8aca040d8ff8a3fb47ee974e32c6fe3ca5f190ac3de06fda5b0f4f69
- SHA512: 3ea25d120b38a4e56e33c95e4b1b5961bb17e1df8e6d93247a7e220a53459bae23718e35f9534001e9f2e18bb5858809b1cb4ce1dca57f6e1585e20d6fcfac12
- SSDEEP: 196608:OrMGrKDpFC4g0A/GvTNJm3AqZ8ZJ9BIBxIF17nuhlk2euseq:9HLgnGb/m3pIYXIn7uhlk2euq
Malware Config
Signatures
- Loads dropped DLL (7 IoCs)
  Processes:
  PID 4540 b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe (7 dropped-DLL loads, all by this one process)
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes:
  PID 1208 b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe wrote to memory of PID 4540 b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
  PID 1208 b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe wrote to memory of PID 4540 b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
  Both WriteProcessMemory events go from PID 1208 into PID 4540, its own child running the same image, and PID 4540 is also the process that loads the dropped DLLs. A process writing into a freshly spawned copy of itself is typical of packers that unpack into a child, but the report does not show what was written, so this alone is not proof of process hollowing.
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
  PID: 1208
  - Suspicious use of WriteProcessMemory
  - Child: C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
    PID: 4540
    - Loads dropped DLL
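The two signatures above combine into one pattern worth a rule of its own: a parent that spawns a copy of its own image, writes into that child, and the child then loads dropped DLLs. The following is an added example, not code from the Triage report or its sandbox. The event records are constructed from the PIDs, image path and signature counts the report lists; the field names ("type", "pid", "ppid", "image", "target") are an assumed representation of a sandbox process log, not Triage's own schema.

```python
"""Flag a parent writing into a child that runs the same image, and report
how many dropped DLLs that child went on to load.

Added example, not part of the Triage report. Event field names are an
assumed log representation; the sample events are constructed from the
report's process tree and signature counts."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_IMAGE = (
    r"C:\Users\Admin\AppData\Local\Temp"
    r"\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
)

# Constructed from the report: 1208 spawns 4540 from the same image, writes
# into it twice, and 4540 then loads seven dropped DLLs.
SAMPLE_EVENTS = [
    {"type": "create", "pid": 1208, "ppid": None, "image": SAMPLE_IMAGE},
    {"type": "create", "pid": 4540, "ppid": 1208, "image": SAMPLE_IMAGE},
    {"type": "write_memory", "pid": 1208, "target": 4540},
    {"type": "write_memory", "pid": 1208, "target": 4540},
] + [{"type": "load_dropped_dll", "pid": 4540}] * 7

# Constructed benign control: a debugger-like parent writes into a child that
# runs a different image, which this rule deliberately does not flag.
BENIGN_EVENTS = [
    {"type": "create", "pid": 100, "ppid": None, "image": r"C:\Tools\dbg.exe"},
    {"type": "create", "pid": 200, "ppid": 100, "image": r"C:\Windows\notepad.exe"},
    {"type": "write_memory", "pid": 100, "target": 200},
]


@dataclass
class Process:
    pid: int
    ppid: Optional[int]
    image: str
    wrote_to: List[int] = field(default_factory=list)   # targets of WriteProcessMemory
    dropped_dll_loads: int = 0                           # "Loads dropped DLL" hits


def build_processes(events) -> Dict[int, Process]:
    """Fold a flat event list into one record per pid. Events for a pid that
    never had a create record are ignored rather than guessed at."""
    procs: Dict[int, Process] = {}
    for ev in events:
        kind = ev["type"]
        if kind == "create":
            procs[ev["pid"]] = Process(ev["pid"], ev["ppid"], ev["image"])
        elif ev["pid"] in procs:
            if kind == "write_memory":
                procs[ev["pid"]].wrote_to.append(ev["target"])
            elif kind == "load_dropped_dll":
                procs[ev["pid"]].dropped_dll_loads += 1
    return procs


def find_self_injection(procs: Dict[int, Process]) -> List[Tuple[int, int, str]]:
    """(parent, child, image) for each parent that wrote into its own child
    running the same image. Paths compare case-insensitively, as NTFS does."""
    hits = []
    for parent in procs.values():
        for target in sorted(set(parent.wrote_to)):
            child = procs.get(target)
            if (child is not None and child.ppid == parent.pid
                    and child.image.lower() == parent.image.lower()):
                hits.append((parent.pid, child.pid, parent.image))
    return hits


def triage(events) -> List[dict]:
    """For every self-injection hit, attach how many dropped DLLs the
    written-to child loaded; a non-zero count is the second half of the
    pattern this report shows."""
    procs = build_processes(events)
    return [
        {"parent": p, "child": c, "image": img,
         "child_dropped_dll_loads": procs[c].dropped_dll_loads}
        for p, c, img in find_self_injection(procs)
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The rule keys on the parent/child relationship and identical image path rather than on WriteProcessMemory alone, because debuggers, installers and some AV components legitimately write into other processes; the benign control above is exactly that case and produces no finding. What was written into the child is not available from the report, so the rule flags the pattern for review and does not claim hollowing.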
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 98KB
  MD5: 6ba0dbcd2db8f44243799c891dbd2a59
  SHA1: 30a2719d4b8667fd237bcfb781660901c993d9fc
  SHA256: 263988a0868053b6b01835cd2959c8f71e3f943610421b269da646f2d9e3b333
  SHA512: 94dea85ef50d55cec0d1bbae4671386ce8ca02e870ce417abfef0a8499fdf0bd0eb5ba38debd07c213f7da39cbea63a18143484b05e9c7ca36b2f68e4520bb4d
- Filesize: 84KB
  MD5: 6909da62abc73216883a89a60b66e73b
  SHA1: 015eb36344e5f3fe2df467bd47a04bded616b052
  SHA256: 4c22e0d2786dd7e93f55e1f4a1c27d2e141a55682ed2c09b90320817fcf011f9
  SHA512: eddabb51b6092b3c3e3b6968ea831a262f8f5f8a26b1c95badc616ca236d0928aa789334835130ec40137ffc623b5d2031a585e890162b489a26fd990845b63a
- Filesize: 247KB
  MD5: af8385e0cb374ae6caee59190175dd12
  SHA1: a16d7d021ec3fa31fb1b2ce5929c2d3d4c96d6b8
  SHA256: e414ee3efa6a4e1edf610dd780335ab9372cbe7919a73596bbb267b55ad23999
  SHA512: 3e4e26bbcf14ebcb4faedb8982c46b3f5318c88dd395c668c50e4f5ddbfe6c1836eb49e49e855cc95934e8247e63df0f7543f66e4fe13335558fc21c0c566b5b
- Filesize: 1005KB
  MD5: f6acf8223a4130669a0f61f39016191a
  SHA1: b7e69e96fdb19a92454f491adf3646893e80f896
  SHA256: bedaaa60d9e60b8b12c1698adc9c9aebe9516368d5fa34dd84283abccd111a31
  SHA512: 6d2742d3f758640ec66db207aa957b03088352bbad2fe06b191b0d5073e44f5b9370c16a9279471a49b1918fdaa11c27af4a64da687b84fcdd1b69334b8efe02
- Filesize: 4.0MB
  MD5: c0ed63bf515d04803906e1b703e9cb86
  SHA1: 61f9a465d7a782aedfd5e2b1a9dc8bff6c103b5a
  SHA256: 24bfc999a733d4759ca40425610555f597b1d015f87ef5f84e15c665297247a4
  SHA512: 78384c34cefc40cb86913dffdc6a360668467731a8a3678d5f8377d8ae63d244b45506b0b6e2498825b53abe8fd84d2b75b3e9fef3703fead90183ace433e70a
- Filesize: 701KB
  MD5: 05b45f17290a76568c61c0ffcb445b67
  SHA1: c8f39f7d98a29a520f940dafc4d39f1ab0208b0a
  SHA256: 8056e931df9a8ba6a3d2def3033361be64a6f81eb5ebc99c3afa4484dfd0e8f3
  SHA512: 80e6e9a7484d6d620a07eed2f8b0adc3190d85f05ae74ba8af111611ec6f394d70a08e8372a51b9dd4ead602c8895f46a91a99c1701e9234f06484d96d3238d7
- Filesize: 137KB
  MD5: b6edd1f02eda832beaf5be3b87354667
  SHA1: d7ee654a79a8b49adbce5bcdf31f1038004a7f46
  SHA256: 95d8327ef84c8563e476c0f16d21e9a045d04a6987afd4260f97ccc856b08926
  SHA512: fb99baa053504def4da425829501433cf5b9800707705e09e826eda4334d0481bf15ee05836e1c3fd6966970e02d883a173dd71031097ead38c33f6af0b94338
- Filesize: 137KB
  MD5: 938235f10520de4169043b4eb20050c8
  SHA1: 02ae94126f79f96feaa60c7bfbcffcc540a84892
  SHA256: a27f2f515bd5b18725e412cfc0d9fa0fb35ad75c037a6d1a66ad891d032a5744
  SHA512: cda79d6e9b0ee7d30ebdb969f56397d01cb43b59e8b86e8f0f04764a5aa6261c691a3bd713ac15ebdf760421588db4fdfcefc019e02cf2df1050c3b6b919baaa