Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-06-2024 14:44

General

  • Target

    c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    c506650ad9138ffde6620e23b3c42d90

  • SHA1

    293edf0c6028b3cbc39400eb449f7d8b16a5559a

  • SHA256

    0b0b4a48930c16a3abf27ec4eff34eb05d4b2d351438e3fc0708a0a54150355f

  • SHA512

    c55dbae0916d1744ab051b1772da0e6a17a667ebb7c4011c96f8bd6bf6f5998cecdb7cc47f96164e51d3f8e9f245e0bfc0c8df461e8a4546312c231dc4e68bf7

  • SSDEEP

    98304:dxQeMwGjZjYfQfQEK9EmEZiUMVvMCeMXlnzBB0YGYt7AjYVglqWoQTtes8tWlJ:YeW8H9EmEZ29MCr1zBB0PqAjfkW/tesN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:468
    • C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe"
      2⤵
      • Loads dropped DLL
      PID:4380
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3840 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1616

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI4682\2.exe.manifest
    Filesize: 1005B
    MD5: bfac74236f1e608af27428665adc4b2d
    SHA1: be0b54e633d97f6d7748cb7ec22e0ccdccc39977
    SHA256: a7a1e535948b381901a22e15d1a5c5ea40787ae1a8f2ae7a42971d378ffbba9d
    SHA512: c93aa76ea7293131ba2f8283175f45bd8e442549e796927d75e1cfa4c6dbae3189c9c9f93097ad3ac60609f06218e30fbc627d2e13c8c91a3f299d13f03d9508

  • C:\Users\Admin\AppData\Local\Temp\_MEI4682\_ctypes.pyd
    Filesize: 90KB
    MD5: 6ae4a18b7591824366b0b41f24d52d45
    SHA1: e22e8abf69c8676b68fe42d9f26c2bd5f731af39
    SHA256: f943df92c70b640b6462312a048d92df8d2e4447129a6d2b75f8f99d6b5d641a
    SHA512: f882514fb21191c16dd0e778a26400e3614622df3da9e75da8360def79aeb23d96c820e10351a103ce910272192d39760f271d20cbb3763ef1d8b427b676559c

  • C:\Users\Admin\AppData\Local\Temp\_MEI4682\_socket.pyd
    Filesize: 45KB
    MD5: 1a5c016edfe7fe97de9d31981f048044
    SHA1: ef9ddea3006a8d89bf89099f8952290f05d6f75c
    SHA256: 85a8bf57179152370bc1598d4fc8d6d7fe31ea839c4c6b0f2c20e52a87b8d101
    SHA512: bed7dd0c5f3082555710e01ffba164e33f3c45522429657b6768c8c39affeb9dec516fcbc5a2f833b5cab83dc1bd616c1774df7662e83fe55f5fcd4ff4083f78

  • C:\Users\Admin\AppData\Local\Temp\_MEI4682\_ssl.pyd
    Filesize: 1.3MB
    MD5: 8fd7848b51ea13322302f7683ab622e3
    SHA1: fe667643d8cf57c228c3eb35a65d5c5c0ad236f8
    SHA256: bf7015462eca2a7b049085ef5879dbabc8ca1eba65e7b84379fb57e392f28f65
    SHA512: ad848cbb867d02bc4afffe48b168c4b0707c100861d5b8410ce21ec2c2466db33998bf43ceb894bc80b6daa475275fecf9d47a1b1917538013490d29c030c16b

  • C:\Users\Admin\AppData\Local\Temp\_MEI4682\python27.dll
    Filesize: 2.5MB
    MD5: 018a9873015fddb712d44d36ba09e676
    SHA1: 94603bd77d3d1d73c49494f21efb891fb38ad0ac
    SHA256: db5abf8f14c45843bdf4a65bff502b9e5bfce0fe969121b14168cb609ae0caa4
    SHA512: 5fced694f06672fedb21f63ed3461908ab698fe7e567b0b210d3c61c7791857e29fe3034160109516f5312676d3c80e42f67449c23e4544ecce77c9a67b23d7a