Analysis

  • max time kernel
    139s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/06/2024, 07:31

General

  • Target
    41179b92e5939c807b463cd528e38f2b50921d9f3abe594c54010c2f17ff34f7_NeikiAnalytics.exe
  • Size
    101KB
  • MD5
    1e59b7c74b224c79c2a2b422a91249b0
  • SHA1
    d472634f3d75e9a96b9063ef345a2c278e3ce837
  • SHA256
    41179b92e5939c807b463cd528e38f2b50921d9f3abe594c54010c2f17ff34f7
  • SHA512
    24bccc8b784f077b10258aa8b4aa84cc8480c8cd53f8b783608e43b5d1c30202728eb7fa4b3a46a7b26b76ae8acb837ad97798973d162b94dfcd904caf13edea
  • SSDEEP
    1536:0GYU/W2/HG6QMauSV3ixJHABLrmhH7i9CO+WHg7zRZICrWaGZh7yM:0fU/WF6QMauSuiWNi9CO+WARJrWNZsM

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence.

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\41179b92e5939c807b463cd528e38f2b50921d9f3abe594c54010c2f17ff34f7_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\41179b92e5939c807b463cd528e38f2b50921d9f3abe594c54010c2f17ff34f7_NeikiAnalytics.exe"
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3532
    • C:\ProgramData\Update\wuauclt.exe
      "C:\ProgramData\Update\wuauclt.exe" /run
      • Executes dropped EXE
      PID:2500
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\41179b92e5939c807b463cd528e38f2b50921d9f3abe594c54010c2f17ff34f7_NeikiAnalytics.exe" >> NUL
      PID:2156
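The process tree above shows three behaviours worth turning into detection logic: a binary named after the Windows Update client (wuauclt.exe) running from C:\ProgramData\Update instead of the Windows directory, a cmd.exe child that deletes its parent's own image, and a Run key written for persistence. The script below is an added triage example, not part of the sandbox report and not the sandbox's own signature logic. It runs those three checks over Sysmon-shaped process-creation and registry events constructed from the report; the event field names are an assumption, and the Run-key value name and data are constructed, since the report only says a Run key was added.

```python
"""Behaviour checks for the process tree in this report (added example).

Three rules run over constructed, Sysmon-shaped events:
  - a system-binary name (wuauclt.exe) outside C:\\Windows\\System32/SysWOW64
  - a cmd.exe child whose "/c del" target is its parent's own image
  - a Run-key value whose path lies in a user-writable location
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

Finding = Tuple[str, int, str]  # (rule name, pid that triggered it, detail)

# Names of real Windows binaries; a copy living anywhere else is suspect.
SYSTEM_BINARY_NAMES = {"wuauclt.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Locations a non-admin process can write to; autoruns pointing here deserve a look.
USER_WRITABLE_DIRS = ("c:\\programdata\\", "c:\\users\\")

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\41179b92e5939c807b463cd528e38f2b50921d9f3abe594c54010c2f17ff34f7_NeikiAnalytics.exe")

# Constructed events. PIDs, images and command lines are taken from the report's
# process tree; the registry event is an assumption (value name and data are
# not stated in the report).
SAMPLE_EVENTS: List[Dict] = [
    {"kind": "process", "pid": 3532, "ppid": 1, "image": SAMPLE_EXE,
     "cmdline": f'"{SAMPLE_EXE}"'},
    {"kind": "registry", "pid": 3532,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "data": r'"C:\ProgramData\Update\wuauclt.exe" /run'},
    {"kind": "process", "pid": 2500, "ppid": 3532,
     "image": r"C:\ProgramData\Update\wuauclt.exe",
     "cmdline": r'"C:\ProgramData\Update\wuauclt.exe" /run'},
    # The image is SysWOW64\cmd.exe although the command line names system32:
    # WOW64 file-system redirection for a 32-bit parent (the report tags arch:x86).
    {"kind": "process", "pid": 2156, "ppid": 3532,
     "image": r"C:\windows\SysWOW64\cmd.exe",
     "cmdline": f'"C:\\windows\\system32\\cmd.exe" /c del /q "{SAMPLE_EXE}" >> NUL'},
]


def _quoted(s: str) -> List[str]:
    """Quoted tokens of a command line or registry value, lower-cased."""
    return [m.lower() for m in re.findall(r'"([^"]+)"', s)]


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def check_masquerade(ev: Dict) -> Optional[Finding]:
    """A well-known Windows binary name running from outside the Windows directory."""
    image = ev["image"].lower()
    if _basename(image) in SYSTEM_BINARY_NAMES and not image.startswith(SYSTEM_DIRS):
        return ("system_binary_name_outside_windows_dir", ev["pid"], ev["image"])
    return None


def check_self_delete(ev: Dict, procs: Dict[int, Dict]) -> Optional[Finding]:
    """cmd.exe spawned to delete the parent's own image (the cleanup at PID 2156)."""
    if _basename(ev["image"]) != "cmd.exe":
        return None
    cmd = ev["cmdline"].lower()
    if not re.search(r"/c\s+del\b", cmd):
        return None
    parent = procs.get(ev["ppid"])
    if parent is None:
        return None
    # _quoted(cmd)[0] is cmd.exe itself; anything after it is a del argument.
    if parent["image"].lower() in _quoted(cmd)[1:]:
        return ("cmd_deletes_parent_image", ev["pid"], parent["image"])
    return None


def check_run_key(ev: Dict) -> Optional[Finding]:
    """Run/RunOnce value whose target lives in ProgramData or a user profile."""
    if not re.search(r"\\currentversion\\run(once)?\\", ev["key"].lower()):
        return None
    data = ev["data"]
    paths = _quoted(data) or [data.split()[0].lower()]
    if any(p.startswith(USER_WRITABLE_DIRS) for p in paths):
        return ("run_key_points_to_user_writable_path", ev["pid"], ev["key"])
    return None


def triage(events: Iterable[Dict]) -> List[Finding]:
    """Run every rule over the event stream and return the findings in event order."""
    events = list(events)
    procs = {e["pid"]: e for e in events if e["kind"] == "process"}
    findings: List[Finding] = []
    for ev in events:
        if ev["kind"] == "process":
            checks = (check_masquerade(ev), check_self_delete(ev, procs))
        elif ev["kind"] == "registry":
            checks = (check_run_key(ev),)
        else:
            checks = ()
        findings.extend(f for f in checks if f is not None)
    return findings


if __name__ == "__main__":
    for rule, pid, detail in triage(SAMPLE_EVENTS):
        print(f"{rule:40} pid={pid} {detail}")
```

The parent lookup in `check_self_delete` is what makes the rule specific: a generic "cmd.exe /c del" match fires on installers and scripts all day, while a child deleting exactly its parent's image is rare outside malware cleanup. The masquerade rule deliberately checks the directory rather than the file hash, since the dropped wuauclt.exe here has a different MD5 from the submitted sample and a hash list would miss it.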

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Update\wuauclt.exe
    Filesize
    101KB
    MD5
    54a604c0b912dde13f6d479ce85d9614
    SHA1
    f5379125f71cfea67383c097d68086438d5285d3
    SHA256
    be28af313a6ea604bc5ca1b7baf0b997af1434a18b10387dae9877f328f4003c
    SHA512
    27827a5b98c91be1a0294627ff50b66e64cd3b9daa971fbfee6e89eeae6d2eb60a7fe4d59d5e86f82fffc2104eba7af529c5831a6d8e3646ca366d2a452117b9
  • memory/2500-5-0x0000000000B60000-0x0000000000B7F000-memory.dmp
    Filesize
    124KB
  • memory/2500-7-0x0000000000B60000-0x0000000000B7F000-memory.dmp
    Filesize
    124KB
  • memory/3532-0-0x0000000000AD0000-0x0000000000AEF000-memory.dmp
    Filesize
    124KB
  • memory/3532-6-0x0000000000AD0000-0x0000000000AEF000-memory.dmp
    Filesize
    124KB
  • memory/3532-8-0x0000000000AD0000-0x0000000000AEF000-memory.dmp
    Filesize
    124KB