Overview

overview

6

Static

static

3

6aa38a8895...cs.exe

windows7-x64

6

6aa38a8895...cs.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 08:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6aa38a889585f437412899316358c631760452a3255179b27359d418d75651be_NeikiAnalytics.exe

  • Size

    36KB

  • MD5

    a3fdcc17784fca38ddca8315d401e3f0

  • SHA1

    9792f6c80e551cc9271056f7b490218b6c8d9e5d

  • SHA256

    6aa38a889585f437412899316358c631760452a3255179b27359d418d75651be

  • SHA512

    ca835a41dbb5dd0f76b51bc314df5b5f24a9eb32b7010c4a8fb6ecf481eda1013557946e211c7b3db09a69d196812f0c2981fc2e5932377ac904a82074d0216f

  • SSDEEP

    384:KrxUgkqE6n1Sy4OyzLeReRZnnMLxei3LseKVQFbFgIy8NmvcVacHi7g:e/1STi4geUAeKVKSkNmEVacUg

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: RenamesItself 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6aa38a889585f437412899316358c631760452a3255179b27359d418d75651be_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6aa38a889585f437412899316358c631760452a3255179b27359d418d75651be_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
      2⤵
      • Adds Run key to start application
      • Runs .reg file with regedit
      PID:1828

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\RemoteAccess.exe
          Filesize

          36KB

          MD5

          8360ecf94481dce9f8c781d35769b78c

          SHA1

          2b6e47505c82ba8c6134e07525a47f028a64bc8e

          SHA256

          01b98b15042e5ba0b317903c0d764213f9ee4c33b5dbc6f4f55333d1bd7d3daa

          SHA512

          596e3f273868de12b189905603ebeaaf7e5e9a7e51234e44726c0dd3b2bdff1ff520a151c3b33be2cd27570eadcb9f04e9677c8fd62eda1c348d46f53ffc37be

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
          Filesize

          176B

          MD5

          ef4358f3d9a6ba6b9dac3ce873814312

          SHA1

          cb97415030cff24cc9139ea262fc3d5a260abd4b

          SHA256

          186b6578439c68475ae61c32968f92437654cf0e93a9a7d4a78d613df1dc8aff

          SHA512

          404540b25b907b8ce3be42979f6b78ee1cc06096ec5a953bf9c54b1bc3bb13620f82f9a35992d9cf452f5c0cb91da034d3c474106414a2e767b83b127022bbb0

          Download Submit

        • memory/2300-0-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2300-1-0x0000000000020000-0x0000000000029000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2300-2-0x0000000000020000-0x0000000000029000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2300-13-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download