Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 14:44

General

  • Target

    c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    c506650ad9138ffde6620e23b3c42d90

  • SHA1

    293edf0c6028b3cbc39400eb449f7d8b16a5559a

  • SHA256

    0b0b4a48930c16a3abf27ec4eff34eb05d4b2d351438e3fc0708a0a54150355f

  • SHA512

    c55dbae0916d1744ab051b1772da0e6a17a667ebb7c4011c96f8bd6bf6f5998cecdb7cc47f96164e51d3f8e9f245e0bfc0c8df461e8a4546312c231dc4e68bf7

  • SSDEEP

    98304:dxQeMwGjZjYfQfQEK9EmEZiUMVvMCeMXlnzBB0YGYt7AjYVglqWoQTtes8tWlJ:YeW8H9EmEZ29MCr1zBB0PqAjfkW/tesN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (5 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe"
    1
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe"
      2
      • Loads dropped DLL
      PID:2104

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\2.exe.manifest

    Filesize

    1005B

    MD5

    bfac74236f1e608af27428665adc4b2d

    SHA1

    be0b54e633d97f6d7748cb7ec22e0ccdccc39977

    SHA256

    a7a1e535948b381901a22e15d1a5c5ea40787ae1a8f2ae7a42971d378ffbba9d

    SHA512

    c93aa76ea7293131ba2f8283175f45bd8e442549e796927d75e1cfa4c6dbae3189c9c9f93097ad3ac60609f06218e30fbc627d2e13c8c91a3f299d13f03d9508

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\MSVCR90.dll

    Filesize

    640KB

    MD5

    c57d4e31734fa87dc4d5dd236fbf534c

    SHA1

    a918b8bbe6f91b94c95f00046719ff05f01e2db7

    SHA256

    d7566fb962532f1250eeb1149fd65a9f5abce97995cfa5b89d5cb8f502f08dee

    SHA512

    4aa9dd98fedf22f77b113195ad58c27dd02bd7bbc41942aaa837f303d9ed0b7d39a7573befc33dade229c82634adc9238aa7e5f9018e60d97ac9e0340d2f1e76

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\python27.dll

    Filesize

    2.5MB

    MD5

    018a9873015fddb712d44d36ba09e676

    SHA1

    94603bd77d3d1d73c49494f21efb891fb38ad0ac

    SHA256

    db5abf8f14c45843bdf4a65bff502b9e5bfce0fe969121b14168cb609ae0caa4

    SHA512

    5fced694f06672fedb21f63ed3461908ab698fe7e567b0b210d3c61c7791857e29fe3034160109516f5312676d3c80e42f67449c23e4544ecce77c9a67b23d7a

  • C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_ctypes.pyd

    Filesize

    90KB

    MD5

    6ae4a18b7591824366b0b41f24d52d45

    SHA1

    e22e8abf69c8676b68fe42d9f26c2bd5f731af39

    SHA256

    f943df92c70b640b6462312a048d92df8d2e4447129a6d2b75f8f99d6b5d641a

    SHA512

    f882514fb21191c16dd0e778a26400e3614622df3da9e75da8360def79aeb23d96c820e10351a103ce910272192d39760f271d20cbb3763ef1d8b427b676559c

  • C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_socket.pyd

    Filesize

    45KB

    MD5

    1a5c016edfe7fe97de9d31981f048044

    SHA1

    ef9ddea3006a8d89bf89099f8952290f05d6f75c

    SHA256

    85a8bf57179152370bc1598d4fc8d6d7fe31ea839c4c6b0f2c20e52a87b8d101

    SHA512

    bed7dd0c5f3082555710e01ffba164e33f3c45522429657b6768c8c39affeb9dec516fcbc5a2f833b5cab83dc1bd616c1774df7662e83fe55f5fcd4ff4083f78

  • C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_ssl.pyd

    Filesize

    1.3MB

    MD5

    8fd7848b51ea13322302f7683ab622e3

    SHA1

    fe667643d8cf57c228c3eb35a65d5c5c0ad236f8

    SHA256

    bf7015462eca2a7b049085ef5879dbabc8ca1eba65e7b84379fb57e392f28f65

    SHA512

    ad848cbb867d02bc4afffe48b168c4b0707c100861d5b8410ce21ec2c2466db33998bf43ceb894bc80b6daa475275fecf9d47a1b1917538013490d29c030c16b