Analysis

  • max time kernel
    131s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/06/2024, 06:29

General

  • Target

    5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe

  • Size

    203KB

  • MD5

    8af301f4a074c04c352f3f88b8eddbd0

  • SHA1

    a3152c7712d398da9452603a425c7e50543dde97

  • SHA256

    5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f

  • SHA512

    b72eaf7cbc99ed0f32092b5e3bc9afa3a9cad8d94aba76ac34aa8f2f9561dbeb51169b83e1ae519d9c8edbc51b8d28972f59888f840debb79fab16eca6e46660

  • SSDEEP

    1536:AHtNFk+5wIaVanPSE8GHo7P1A4xVz28n8tonvZIqiauV:Adk+xagnPm/P1A4xVzkonviV

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5c853ad8ed8af6672b0268061506bc4a32790bc8c3f9586b1eea10ee9f21f76f_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Program Files (x86)\7791d729\jusched.exe
      "C:\Program Files (x86)\7791d729\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:756

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\7791d729\7791d729

    Filesize

    17B

    MD5

    bd4960d6e802401b0974a8312a13e9e1

    SHA1

    5c3b43ed26fe6d4a274cb7e61e7f2991742e3a9e

    SHA256

    2e8bb0bffab927bb6141cd3f3a79e43beb9972734ef84e91d2dd30c0ecb2a98f

    SHA512

    a53e597ddb195ab806214e34847a0705998bffd7e28f4494b2529bda3545848125e29529e1b35bba458ad3dbdb0aadc4fd9b8725d1405b0745339a2b7f6a9957

  • C:\Program Files (x86)\7791d729\jusched.exe

    Filesize

    203KB

    MD5

    f944fe6e9078ad1ec762f65fa6748c64

    SHA1

    f5f3e9b59a81f4be279b256b11502ccbf0043c90

    SHA256

    701a3abdd1ed7beed2c11fa51831b0f90485647ad4d815ff08092042c25d2ee2

    SHA512

    452b46badbf095ac396676852dd0f7111fba2de15150915be081d3c1ea91948f87de5ba88a711017b9538f018c1c5f0d9c1cfd39b20aafa532c5e4c16955687b