Overview

overview

7

Static

static

3

646355bc54...cs.exe

windows7-x64

7

646355bc54...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 10:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    646355bc54c0bf1680cd8206a5e1ecfa68067dc7cafe0452d44247d82dc8337e_NeikiAnalytics.exe

  • Size

    167KB

  • MD5

    0840843d6f1bf862e59f067897ce68a0

  • SHA1

    8bbc534e537dbf973d2a94ced384b060330c1f60

  • SHA256

    646355bc54c0bf1680cd8206a5e1ecfa68067dc7cafe0452d44247d82dc8337e

  • SHA512

    43c9d9ebc6a7a3a85bd37ac34516b6ca9396a06ca33156b1620d13afdc2e95c0caec48d6498e2830753b4051b6328f8aa925383243ad2157a0e35d40f2e5a57f

  • SSDEEP

    3072:8v5hm7VmBP7PtReQJUaMLgEE5RXbJpIUqTn:S5wAJyQJRMLgEaJpC

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\646355bc54c0bf1680cd8206a5e1ecfa68067dc7cafe0452d44247d82dc8337e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\646355bc54c0bf1680cd8206a5e1ecfa68067dc7cafe0452d44247d82dc8337e_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\646355bc54c0bf1680cd8206a5e1ecfa68067dc7cafe0452d44247d82dc8337e_NeikiAnalytics.exe" "C:\ProgramData\CacheMgr.exe"
      2⤵
        PID:4116
      • C:\ProgramData\CacheMgr.exe
        "C:\ProgramData\CacheMgr.exe" -as
        2⤵
        • Executes dropped EXE
        PID:1916

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\CacheMgr.exe
            Filesize

            167KB

            MD5

            0840843d6f1bf862e59f067897ce68a0

            SHA1

            8bbc534e537dbf973d2a94ced384b060330c1f60

            SHA256

            646355bc54c0bf1680cd8206a5e1ecfa68067dc7cafe0452d44247d82dc8337e

            SHA512

            43c9d9ebc6a7a3a85bd37ac34516b6ca9396a06ca33156b1620d13afdc2e95c0caec48d6498e2830753b4051b6328f8aa925383243ad2157a0e35d40f2e5a57f

            Download Submit

          • memory/1916-10-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/1916-12-0x0000000077BB0000-0x0000000077BBA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/1916-13-0x0000000000470000-0x0000000000486000-memory.dmp

            Filesize

            88KB

            Download

          • memory/4796-0-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/4796-2-0x0000000077BB7000-0x0000000077BB8000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4796-3-0x0000000077BB0000-0x0000000077BBA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/4796-8-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download