04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe
Size

6.5MB
MD5

7c2527090e68a0de0bfbe698073f8740
SHA1

a0de5977c75bb53f5216f6d8a8f0a39990b9e6f4
SHA256

04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe
SHA512

2b7854013c1a8d9f890938beec7e9cafb7d0d4f3efbdaf2ba1facf58f9b9a31048c7c2c119048d5015ca5fe863ba39d5f54e9bf66b1fe50af8995da88fc54cde
SSDEEP

196608:Vygp1A9onJ5hrZERiRQ3jo4UHSEz7+hVv/Jx1Au:fp69c5hlERQA2y4ShJj1

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe
2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe
2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe
2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe
2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe
2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2544	5096	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	84
PID 5096 wrote to memory of 2544	5096	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	84
PID 2544 wrote to memory of 2928	2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	87
PID 2544 wrote to memory of 2928	2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	87
PID 2544 wrote to memory of 5016	2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	88
PID 2544 wrote to memory of 5016	2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	88
PID 2544 wrote to memory of 5020	2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	90
PID 2544 wrote to memory of 5020	2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	90
PID 2544 wrote to memory of 2768	2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	91
PID 2544 wrote to memory of 2768	2544	04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe	91

C:\Users\Admin\AppData\Local\Temp\04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Users\Admin\AppData\Local\Temp\04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\04e5ccc0f20e0dacb144ae5c60a9e2dd8b3f5d96d204bdefa440a8e72d0046fe_NeikiAnalytics.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c
    3⤵
    PID:2928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title TokenFormatter [By complex091]
    3⤵
    PID:5020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c
    3⤵
    PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI50962\VCRUNTIME140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_ctypes.pyd

Filesize
123KB

MD5
b74f6285a790ffd7e9ec26e3ab4ca8df

SHA1
7e023c1e4f12e8e577e46da756657fd2db80b5e8

SHA256
c1e3e9548243ca523f1941990477723f57a1052965fccc8f10c2cfae414a6b8a

SHA512
3a700638959cbd88e8a36291af954c7ccf00f6101287fc8bd3221ee31bd91b7bd1830c7847d8c2f4f07c94bc233be32a466b915283d3d2c66abed2c70570c299

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\base_library.zip

Filesize
1007KB

MD5
a8c568dafdc3e33f09c32bcdeb220688

SHA1
71edf243634ac409885bda05856f4153a29a595f

SHA256
6b32dc110b9f82807a3125c5eb9dfcadf68bec292f4438df79a2c7ef907f11d8

SHA512
65fa356abb981720be890e008799c3a29206f9ae822b2bb7cd133bf30a3e069fd13562306c2f41d84a69ffccf434a49d249906cdc6ad8802579a980585888afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\core\__init__.py

Filesize
2KB

MD5
3ac45b47b4bbf9757eda8166b888c9ee

SHA1
18c267d445bb3a15115b817858eb44184295fe38

SHA256
22ac511aef7a11bfc59e2c4b9e95bc91281e32dfe5cedff9d0ca4b2f0ff67e2d

SHA512
e07168fd24f3b0e54bce0887419deea76fbe46651b03a86806623ec180859ffaf1dd5e9a41221e6fcf4b983959ca3851a5c8043e1ccf6657d0fa5bb9307f2454

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\core\plugs\logger.py

Filesize
15KB

MD5
d70b599f688d6e4e852c2fdff8efbc6d

SHA1
a471ea57937713f06d77f01aaff5fcb382f7fbbd

SHA256
e2488a77e2055f0639d126e8bdf6ca44f0a85d873ef0aebf53f234aba08df7b6

SHA512
4fdfee5517d9a65857357cb38caa42ad47445c35b928512bc2327399a6385906f5abc81159be0ca4010a2f9802d944ae4e05cdf54689c5f4cb13a516b5ffe7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\pyarmor_runtime_000000\pyarmor_runtime.pyd

Filesize
605KB

MD5
b8724f1aeada12865b7ecb8f647d4057

SHA1
e83bfd105075e41444b1d0d33bfd48b415f3b92e

SHA256
98b275723fc5558bf13db27c392f33121b504322d89f6ee3081aa5690adec6bf

SHA512
7b32b59baaf58c590acfd4bc43895ca0ff2692809f1d315e6eea9e17893ab91b2ee36eee48e01d03bd69ec38f3e01a9dcbd1faef66342059aa614b5ac63dab6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\python39.dll

Filesize
4.2MB

MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
memory/2544-72-0x0000000061B00000-0x0000000061BA5000-memory.dmp

Filesize
660KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads