Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2024 14:44
Behavioral task: behavioral1
Sample: c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
Resource: win10v2004-20240226-en
General
Target: c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
Size: 4.1MB
MD5: c506650ad9138ffde6620e23b3c42d90
SHA1: 293edf0c6028b3cbc39400eb449f7d8b16a5559a
SHA256: 0b0b4a48930c16a3abf27ec4eff34eb05d4b2d351438e3fc0708a0a54150355f
SHA512: c55dbae0916d1744ab051b1772da0e6a17a667ebb7c4011c96f8bd6bf6f5998cecdb7cc47f96164e51d3f8e9f245e0bfc0c8df461e8a4546312c231dc4e68bf7
SSDEEP: 98304:dxQeMwGjZjYfQfQEK9EmEZiUMVvMCeMXlnzBB0YGYt7AjYVglqWoQTtes8tWlJ:YeW8H9EmEZ29MCr1zBB0PqAjfkW/tesN
Signatures

Loads dropped DLL (4 IoCs)
Processes (c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe):
  pid   process
  4380  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
  4380  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
  4380  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
  4380  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes (c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe):
  description                      pid  process                                              target process
  PID 468 wrote to memory of 4380  468  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
  PID 468 wrote to memory of 4380  468  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
  PID 468 wrote to memory of 4380  468  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe  c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe (PID: 468)
   Command line: "C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe"
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe (PID: 4380)
      Command line: "C:\Users\Admin\AppData\Local\Temp\c506650ad9138ffde6620e23b3c42d90_NeikiAnalytics.exe"
      Signatures: Loads dropped DLL

1. C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1616)
   Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3840 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
Downloads