Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 27-06-2024 10:18
Behavioral task: behavioral1
  Sample: 7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  Resource: win10v2004-20240611-en
General
Target: 7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
Size: 7.8MB
MD5: 9487583eb0b95fb48e72331c4a37ba80
SHA1: 2da35d9f83139d37193eb39ac95a4884adcef259
SHA256: 7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023
SHA512: cec99ed3d2b11c3c5daf03e203b39eba7c70e0dc95992ac404c3c89a242633623d51573a42c37ba8b71b57c6e9baf0ff8cdb91379ddc6533f77cf1cb238e60fb
SSDEEP: 98304:Z1zHqdVfB2b2B/MS27wcS0yuT/9vUIdD9C+z3zO917vOTh+ezDNhc2Qi0L6rxvmr:ZJQsSuZbT/9bvLz3S1bA3zzfQn97v9
Malware Config
Signatures
Loads dropped DLL (7 IoCs)
Processes:
  pid   process
  2544  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  2544  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  2544  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  2544  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  2544  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  2544  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  2544  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
Processes:
  resource                                                                        yara_rule
  C:\Users\Admin\AppData\Local\Temp\_MEI23682\python311.dll                       upx
  behavioral1/memory/2544-75-0x000007FEF5ED0000-0x000007FEF64B9000-memory.dmp    upx
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process                                                                                 target process
  PID 2368 wrote to memory of 2544   2368  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  PID 2368 wrote to memory of 2544   2368  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
  PID 2368 wrote to memory of 2544   2368  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe  7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe"
   Signatures: Suspicious use of WriteProcessMemory
   PID: 2368
   2. C:\Users\Admin\AppData\Local\Temp\7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe (child of PID 2368)
      Command line: "C:\Users\Admin\AppData\Local\Temp\7bcb2675e2c7c324f2f1488e4b5fd267c3cb5076c4e8a9d28223098edec23023_NeikiAnalytics.exe"
      Signatures: Loads dropped DLL
      PID: 2544
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 19KB
MD5: f0c73f7454a5ce6fb8e3d795fdb0235d
SHA1: acdd6c5a359421d268b28ddf19d3bcb71f36c010
SHA256: 2a59dd891533a028fae7a81e690e4c28c9074c2f327393fab17329affe53fd7b
SHA512: bd6cf4e37c3e7a1a3b36f42858af1b476f69caa4ba1fd836a7e32220e5eff7ccc811c903019560844af988a7c77cc41dc6216c0c949d8e04516a537da5821a3e

Filesize: 19KB
MD5: 7d4d4593b478b4357446c106b64e61f8
SHA1: 8a4969c9e59d7a7485c8cc5723c037b20dea5c9d
SHA256: 0a6e2224cde90a0d41926e8863f9956848ffbf19848e8855bd08953112afc801
SHA512: 7bc9c473705ec98ba0c1da31c295937d97710cedefc660f6a5cb0512bae36ad23bebb2f6f14df7ce7f90ec3f817b02f577317fdd514560aab22cb0434d8e4e0b

Filesize: 21KB
MD5: 1d75e7b9f68c23a195d408cf02248119
SHA1: 62179fc9a949d238bb221d7c2f71ba7c1680184c
SHA256: 67ebe168b7019627d68064043680674f9782fda7e30258748b29412c2b3d4c6b
SHA512: c2ee84a9aeac34f7b51426d12f87bb35d8c3238bb26a6e14f412ea485e5bd3b8fb5b1231323d4b089cf69d8180a38ddd7fd593cc52cbdf250125ad02d66eea9d

Filesize: 19KB
MD5: d6ad0f2652460f428c0e8fc40b6f6115
SHA1: 1a5152871abc5cf3d4868a218de665105563775e
SHA256: 4ef09fa6510eeebb4855b6f197b20a7a27b56368c63cc8a3d1014fa4231ab93a
SHA512: ceafeee932919bc002b111d6d67b7c249c85d30da35dfbcebd1f37db51e506ac161e4ee047ff8f7bf0d08da6a7f8b97e802224920bd058f8e790e6fa0ee48b22

Filesize: 19KB
MD5: eab486e4719b916cad05d64cd4e72e43
SHA1: 876c256fb2aeb0b25a63c9ee87d79b7a3c157ead
SHA256: 05fe96faa8429992520451f4317fbceba1b17716fa2caf44ddc92ede88ce509d
SHA512: c50c3e656cc28a2f4f6377ba24d126bdc248a3125dca490994f8cace0a4903e23346ae937bb5b0a333f7d39ece42665ae44fde2fd5600873489f3982151a0f5d

Filesize: 1.6MB
MD5: 5792adeab1e4414e0129ce7a228eb8b8
SHA1: e9f022e687b6d88d20ee96d9509f82e916b9ee8c
SHA256: 7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967
SHA512: c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b

Filesize: 1.1MB
MD5: 24ebedc58aa4ff23043bf79b05d267d4
SHA1: c2e7bd18e4091f2a7f7c933a5734b05dd971f24c
SHA256: d93ce42cd625510b2355de086bcd19e2c11307ccade7bad62b09c7f340a866ba
SHA512: 7f0563e814cc4aaf292683403888340bb5d95e6a7bdd35d81eebbd10bfb8e4e5130d0a626b8fb07ff3cafaae4a2698cf7103aabcae74e5d13449db482ec49bc9