Overview

overview

7

Static

static

3

8f226fbeb0...cs.exe

windows7-x64

7

8f226fbeb0...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    28-06-2024 08:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c_NeikiAnalytics.exe

  • Size

    220KB

  • MD5

    ab23c98603f6e77b0eee1f979ff800d0

  • SHA1

    27b96dfd589f73df41e93439fa782fdb5b00bc13

  • SHA256

    8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c

  • SHA512

    e6ad3aff858fb4c47b039a78ca332585fac63440975a64cbd4869e44238dc0dc2a71af3ee25ac7fdeabaf3509d5fd1fcd1783488223f93e1935a9897be32db14

  • SSDEEP

    3072:MPCSgEQ5iPrzbswmm+f9WrpUl/lyeV+l76wYDJFrWlUnk1o:TEQ8Pvb5GloQWqk

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\$WINDOWS.~BT\WMIC.exe
      C:\$WINDOWS.~BT\WMIC.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$WINDOWS.~BT\tmp-0.bin
    Filesize

    8KB

    MD5

    3b116d9cb3ef1cc2a1c0d944b05ece97

    SHA1

    0a14f5402fc7c17a58c34e5d5e8e7eedd279ff5b

    SHA256

    f59c542fdc39a410c102ff73fbcf21f827719684e962f59256b7b3c23d1e8818

    SHA512

    80ce6d1f6991e4127b6ec4de2c28e42cc0409d37734a1d40b066dfedf7be7935ec7a6930795afd683f0d33cc7671da05a909cd0c430545ebfe396c9e1a640c2c

    Download Submit

  • C:\$WINDOWS.~BT\tmp-0.bin
    Filesize

    8KB

    MD5

    f17752c9debf83c8f7dc3eb19443151b

    SHA1

    cd4ca6728448470eb54b8a1df504f4c7680b31e1

    SHA256

    04ae1fd15d7a8863269d91ce52f3a1987811226b85d75d3f278ab037538a8f3a

    SHA512

    71f6ba1fe961439cfd4f4317e93043f6869948e58e001bae5f88d0ecf77190b3371ea28e4d9f4ceec2ed294d4ac63655c59f0f6e46a8409c30c0266d5421cc01

    Download Submit

  • \$WINDOWS.~BT\WMIC.exe
    Filesize

    220KB

    MD5

    b0dee78017758ff77e30903d7de8768c

    SHA1

    2acff287dfe9979e6e4cc9bd47d55fbebc19b1c3

    SHA256

    f4fa057fa8ba444e1e88bd76d9c8d7b383fcbc78d46e0ce30f04c35c13d43cbc

    SHA512

    041fa7272641fd9750db696b44051c3dbb703bfff49afbde4684be2fab7efb79cbb4b36acb7946c5fc9f1b8712e32f1471959824c395f3fa4dc3de471f5eb2a0

    Download Submit