Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26-06-2024 05:37

General

  • Target

    572c20bd731aab8880c045790950ab7ff862fe958223ba0988b190b9b8fc1ffd_NeikiAnalytics.exe

  • Size

    744KB

  • MD5

    5f82c34d53e7dbfbe3769f3ff15b2bc0

  • SHA1

    6721420a2a1308da3421743a7be60bc42f73947f

  • SHA256

    572c20bd731aab8880c045790950ab7ff862fe958223ba0988b190b9b8fc1ffd

  • SHA512

    051d598296e3867a2fc75f5fd0bf9959eeba22a3bb7ffb70852b357132fdc51fe74d573d7e887a684223f124e55c7167713e0da46ec347806a99ccf402b9bbff

  • SSDEEP

    12288:9rMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9ViUt3XqtfAFHBB:7ZyCA8CBmn+RrNj9ay5Ir3XWAFP

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\572c20bd731aab8880c045790950ab7ff862fe958223ba0988b190b9b8fc1ffd_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572c20bd731aab8880c045790950ab7ff862fe958223ba0988b190b9b8fc1ffd_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Users\Admin\AppData\Local\Temp\572c20bd731aab8880c045790950ab7ff862fe958223ba0988b190b9b8fc1ffd_NeikiAnalyticsmgr.exe
      C:\Users\Admin\AppData\Local\Temp\572c20bd731aab8880c045790950ab7ff862fe958223ba0988b190b9b8fc1ffd_NeikiAnalyticsmgr.exe
      2⤵
      • Executes dropped EXE
      PID:3572
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 264
        3⤵
        • Program crash
        PID:4788
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3572 -ip 3572
    1⤵
    PID:3972

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Program Files\7-Zip\RCX5851.tmp

      Filesize

      744KB

      MD5

      eee669290506fe8a977e3a8af1ce175a

      SHA1

      e115672b661f95f9f0e2baa146c9fbdea1740c12

      SHA256

      20608683427b597c327d36abd6de09614be2dd9e36be48a036634294a86c304a

      SHA512

      f27912c4722426ca9f8849fe306c5f84b18cd00fdd13d2665b9ce3b00b4da672854f2c09586c5b97aaf5790375a7b598c7dde0778c308763a56a0884a81c0713

    • C:\Program Files\Java\jdk-1.8\bin\gjavaws.ico

      Filesize

      4KB

      MD5

      38b41d03e9dfcbbd08210c5f0b50ba71

      SHA1

      2fbfde75ce9fe8423d8e7720bf7408cedcb57a70

      SHA256

      611f2cb2e03bd8dbcb584cd0a1c48accfba072dd3fc4e6d3144e2062553637f5

      SHA512

      ec97556b6ff6023d9e6302ba586ef27b1b54fbf7e8ac04ff318aa4694f13ad343049210ef17b7b603963984c1340589665d67d9c65fec0f91053ff43b1401ba9

    • C:\Program Files\Microsoft Office 15\ClientX64\gIntegratedOffice.ico

      Filesize

      4KB

      MD5

      3ea9bcbc01e1a652de5a6fc291a66d1a

      SHA1

      aee490d53ee201879dff37503a0796c77642a792

      SHA256

      a058bfd185fe714927e15642004866449bce425d34292a08af56d66cf03ebe6c

      SHA512

      7c740132f026341770b6a20575786da581d8a31850d0d680978a00cc4dfca1e848ef9cdc32e51bae680ea13f6cc0d7324c38765cb4e26dcb2e423aced7da0501

    • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\gmisc.ico

      Filesize

      4KB

      MD5

      fc27f73816c9f640d800cdc1c9294751

      SHA1

      e6c3d8835d1de4e9606e5588e741cd1be27398f6

      SHA256

      3cc5043caa157e5f9b1870527b8c323850bdae1e58d6760e4e895d2ab8a35a05

      SHA512

      9e36b96acc97bc7cd45e67a47f1ae7ab7d3818cc2fdaad147524ce9e4baedfaac9cd012923ec65db763bfd850c65b497376bb0694508bee59747f97bf1591fd4

    • C:\Users\Admin\AppData\Local\Temp\572c20bd731aab8880c045790950ab7ff862fe958223ba0988b190b9b8fc1ffd_NeikiAnalyticsmgr.exe

      Filesize

      220KB

      MD5

      1b7fc3fa0a84470506c3028b48a5f04d

      SHA1

      3fa9f258fd20c92c0dd366f1520d44f61e236d3b

      SHA256

      9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

      SHA512

      1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    • memory/2752-0-0x0000000000400000-0x00000000004C5000-memory.dmp

      Filesize

      788KB

    • memory/2752-7-0x0000000000780000-0x0000000000781000-memory.dmp

      Filesize

      4KB

    • memory/2752-256-0x0000000000400000-0x00000000004C5000-memory.dmp

      Filesize

      788KB

    • memory/2752-258-0x0000000000780000-0x0000000000781000-memory.dmp

      Filesize

      4KB

    • memory/3572-5-0x0000000000400000-0x0000000000470000-memory.dmp

      Filesize

      448KB

    • memory/3572-6-0x0000000000580000-0x0000000000581000-memory.dmp

      Filesize

      4KB