132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe
Size

697KB
MD5

52e12df539a925dfcb12418289500cb0
SHA1

8423d35c69575d731a7cbc40f88a442b231dc5fb
SHA256

132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29
SHA512

5cb15e7688d4d78a96cc837cb8e77ba02b69a407fe3925b6ec8b01cc6d4cbeabff75af825f6ad00c68dfd61773b79b17530f94448821f0b2e49145312ff863f3
SSDEEP

12288:7ytbV3kSoXaLnTosllBuGejfb6UF82zoX/ojEJO8BCx+0C0Akkx+:6b5kSYaLTVll4hHF82zoXwwOC0Cl+

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2992	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2500	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2116	132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe
2116	132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2116	132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2992	2116	132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe	28
PID 2116 wrote to memory of 2992	2116	132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe	28
PID 2116 wrote to memory of 2992	2116	132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe	28
PID 2992 wrote to memory of 2500	2992	cmd.exe	30
PID 2992 wrote to memory of 2500	2992	cmd.exe	30
PID 2992 wrote to memory of 2500	2992	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\system32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\132705d9526c031b59efd74fd2cecc20b3e4d0bdf85a758ddd9866895f9f4e29_NeikiAnalytics.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 6000
    3⤵
    - Runs ping.exe
    PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads