5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe
Size

203KB
MD5

8af301f4a074c04c352f3f88b8eddbd0
SHA1

a3152c7712d398da9452603a425c7e50543dde97
SHA256

5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f
SHA512

b72eaf7cbc99ed0f32092b5e3bc9afa3a9cad8d94aba76ac34aa8f2f9561dbeb51169b83e1ae519d9c8edbc51b8d28972f59888f840debb79fab16eca6e46660
SSDEEP

1536:AHtNFk+5wIaVanPSE8GHo7P1A4xVz28n8tonvZIqiauV:Adk+xagnPm/P1A4xVzkonviV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2144	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
2368	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe
2368	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\c043372b\jusched.exe	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\c043372b\c043372b	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update23.job	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2144	2368	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe	28
PID 2368 wrote to memory of 2144	2368	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe	28
PID 2368 wrote to memory of 2144	2368	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe	28
PID 2368 wrote to memory of 2144	2368	5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\c043372b\jusched.exe
  "C:\Program Files (x86)\c043372b\jusched.exe"
  2⤵
  - Executes dropped EXE
  PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\c043372b\c043372b

Filesize
17B

MD5
bd4960d6e802401b0974a8312a13e9e1

SHA1
5c3b43ed26fe6d4a274cb7e61e7f2991742e3a9e

SHA256
2e8bb0bffab927bb6141cd3f3a79e43beb9972734ef84e91d2dd30c0ecb2a98f

SHA512
a53e597ddb195ab806214e34847a0705998bffd7e28f4494b2529bda3545848125e29529e1b35bba458ad3dbdb0aadc4fd9b8725d1405b0745339a2b7f6a9957

Download Submit
\Program Files (x86)\c043372b\jusched.exe

Filesize
203KB

MD5
1259cd225251df4ccc42c29d65b0470b

SHA1
f9a3175be3466fe05f7876b842d234e399fde0d6

SHA256
1fec477abd5ca9b65217eb2ed66d4af2fbaac717cf5f28dd3c79741d0ac83be4

SHA512
5836c589e833538f3a1b46332d79efe4fb6ae4ea53baa711ce71f78a67f2c9a265955fc05e45c4c7aab58143230d0cb1488f8a97da55adf10edc3e333e07b10b

Download Submit