Overview

overview

5

Static

static

3

2374bfa5ce...cs.exe

windows7-x64

5

2374bfa5ce...cs.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 00:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2374bfa5ce9f115700b68372121e12f9a8e490a8d28a5da999e257d969af6a7a_NeikiAnalytics.exe

  • Size

    2.9MB

  • MD5

    63ac3ef7db5e58ffb5aaea601a38bfb0

  • SHA1

    db099e58734b91bc53939896acf7e17d32e1f0eb

  • SHA256

    2374bfa5ce9f115700b68372121e12f9a8e490a8d28a5da999e257d969af6a7a

  • SHA512

    cceb034bc86019422b180a409810af91a4836d42886fa246f500a62bad6610fa6800f6e851a71dafc5c01f445c6d8b21c95a7ff5108c0118caefd1c23132fdfa

  • SSDEEP

    49152:v7Srk6eF6g2yiuBt2Lj3p3VMI0wPQ+iPY7V1RcJSEpFApHuBT3w1n70xcb:v7/6ZgR/e70QQ+F7V1RqepHOTw170ib

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2374bfa5ce9f115700b68372121e12f9a8e490a8d28a5da999e257d969af6a7a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2374bfa5ce9f115700b68372121e12f9a8e490a8d28a5da999e257d969af6a7a_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:2100

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\RCX5295.tmp
          Filesize

          2.9MB

          MD5

          f4316009d32402836b44273c587b9544

          SHA1

          a3599e7c8fe5446af81395f536bc9358986135e9

          SHA256

          b0bb5d659b9a27e5f14685d14a492997589f94a692cc9aac26cccceb785f17f5

          SHA512

          e3cab273e80f0708f846a2e4e3ae84cfba4eb62c13b3da31a1d89a93ab0e5d97cf1f28305e0d53b5307f201170053c60f786c3c1cf88b6970eefe78fb72e335a

          Download Submit

        • memory/2100-0-0x0000000000400000-0x0000000000EEA000-memory.dmp

          Filesize

          10.9MB

          Download

        • memory/2100-1-0x000000007FA70000-0x000000007FE41000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/2100-12-0x0000000000400000-0x0000000000EEA000-memory.dmp

          Filesize

          10.9MB

          Download

        • memory/2100-13-0x0000000000400000-0x0000000000EEA000-memory.dmp

          Filesize

          10.9MB

          Download

        • memory/2100-14-0x0000000000400000-0x0000000000EEA000-memory.dmp

          Filesize

          10.9MB

          Download

        • memory/2100-15-0x000000007FA70000-0x000000007FE41000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/2100-16-0x0000000000400000-0x0000000000EEA000-memory.dmp

          Filesize

          10.9MB

          Download