Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-06-2024 08:39

General

  • Target

    8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c_NeikiAnalytics.exe

  • Size

    220KB

  • MD5

    ab23c98603f6e77b0eee1f979ff800d0

  • SHA1

    27b96dfd589f73df41e93439fa782fdb5b00bc13

  • SHA256

    8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c

  • SHA512

    e6ad3aff858fb4c47b039a78ca332585fac63440975a64cbd4869e44238dc0dc2a71af3ee25ac7fdeabaf3509d5fd1fcd1783488223f93e1935a9897be32db14

  • SSDEEP

    3072:MPCSgEQ5iPrzbswmm+f9WrpUl/lyeV+l76wYDJFrWlUnk1o:TEQ8Pvb5GloQWqk

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\$WINDOWS.~BT\WMIC.exe
      C:\$WINDOWS.~BT\WMIC.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1408

Network

Downloads

  • C:\$WINDOWS.~BT\WMIC.exe

    Filesize

    220KB

    MD5

    8b502153bdb823ef3f8b43d0a3f64710

    SHA1

    d8dc0a1765fbdf3cfd4e37322f3bc4c44e4e503a

    SHA256

    71195414f33b49b281d1dde071ef2b8e06cd94918dfa9cc7750d6d207e0bf25a

    SHA512

    00c2f87e66fb8aff9ee6556ea9e88f7772aa9d4d1f68664e39ae9ec782417b2ada8b96a865f2ce138bdbe46a8223e15876ffd92f2b1caf6a3dff29a91c751b24

  • C:\$WINDOWS.~BT\tmp-0.bin

    Filesize

    8KB

    MD5

    7e1767704e2ff3fff573cfe3a64db5ea

    SHA1

    9ce3859b97052cbafbb3ef9d00e7f365191f7f3a

    SHA256

    1974f473cfe56ec51679d1854a52f8ef1ef6279b7e91fa8ff10374559c8a81e6

    SHA512

    64d2ee75e52aaa360935f228a71753698235e7300f78877a780aa8eee2e328a0b011891199db70bfb367face76f89b05f6ba3aac249f450d6ad2d7b06f5a3702
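The process tree and the dropped-file list above describe one pattern: the submitted sample (PID 2484) writes C:\$WINDOWS.~BT\WMIC.exe and tmp-0.bin, then launches that WMIC.exe as PID 1408. The dropped WMIC.exe carries a different SHA256 from the sample and from the Windows-supplied binary, which lives in C:\Windows\System32\wbem (or SysWOW64\wbem for 32-bit), so the name is borrowed, not the file. The script below is an added triage example, not part of the sandbox's own tooling or the report. It replays the observed tree as constructed Sysmon-style events (the explorer.exe parent PID 4000 and the benign System32 WMIC launch PID 5000 are assumptions added for contrast), flags "executes dropped EXE" and the WMIC.exe name masquerade, and looks up hashes against the SHA256 values copied from the General and Downloads sections.

```python
"""Triage helper (added example, not from the report or the sandbox).

Detects two things in a time-ordered event stream:
  * executes_dropped_exe: a ProcessCreate whose image path was the target of
    an earlier FileCreate by the new process's own parent;
  * wmic_masquerade: an image named WMIC.exe running from anywhere other than
    the directories Windows 10 x64 installs it in.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Where the genuine WMIC.exe lives on Windows 10 x64.
LEGIT_WMIC_DIRS = (
    "c:\\windows\\system32\\wbem\\",
    "c:\\windows\\syswow64\\wbem\\",
)


@dataclass
class Event:
    kind: str                   # "ProcessCreate" or "FileCreate"
    pid: int                    # process performing the action
    path: str                   # image path (ProcessCreate) or file written (FileCreate)
    ppid: Optional[int] = None  # parent pid, ProcessCreate only


@dataclass
class Finding:
    rule: str
    pid: int
    path: str


def norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.lower()


def basename(path: str) -> str:
    return norm(path).rsplit("\\", 1)[-1]


def analyse(events: List[Event]) -> List[Finding]:
    """Single pass over time-ordered events; findings come back in event order."""
    written: Dict[int, Set[str]] = {}   # pid -> files that pid has written so far
    findings: List[Finding] = []
    for ev in events:
        if ev.kind == "FileCreate":
            written.setdefault(ev.pid, set()).add(norm(ev.path))
            continue
        if ev.kind != "ProcessCreate":
            continue
        image = norm(ev.path)
        # Rule 1: the parent wrote this image before launching it.
        if ev.ppid is not None and image in written.get(ev.ppid, set()):
            findings.append(Finding("executes_dropped_exe", ev.pid, ev.path))
        # Rule 2: a system-binary name outside its installed directories.
        if basename(image) == "wmic.exe" and not image.startswith(LEGIT_WMIC_DIRS):
            findings.append(Finding("wmic_masquerade", ev.pid, ev.path))
    return findings


# SHA256 values copied from the report's General and Downloads sections.
IOC_SHA256: Dict[str, str] = {
    "8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c": "submitted sample",
    "71195414f33b49b281d1dde071ef2b8e06cd94918dfa9cc7750d6d207e0bf25a": "dropped C:\\$WINDOWS.~BT\\WMIC.exe",
    "1974f473cfe56ec51679d1854a52f8ef1ef6279b7e91fa8ff10374559c8a81e6": "dropped C:\\$WINDOWS.~BT\\tmp-0.bin",
}


def lookup_sha256(digest: str) -> Optional[str]:
    """Case-insensitive lookup of a hex SHA256 against the report's IOCs."""
    return IOC_SHA256.get(digest.strip().lower())


# Constructed events mirroring the report's process tree (parent 2484, child 1408).
# PID 4000 (explorer.exe parent) and PID 5000 (genuine WMIC) are assumptions.
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "8f226fbeb0e9f4c4adbe8d4de68ac0e43c4c4bdc8a1ebe5bd7f770c1f4ec074c_NeikiAnalytics.exe")
EVENTS = [
    Event("ProcessCreate", 2484, SAMPLE, ppid=4000),
    Event("FileCreate", 2484, "C:\\$WINDOWS.~BT\\WMIC.exe"),
    Event("FileCreate", 2484, "C:\\$WINDOWS.~BT\\tmp-0.bin"),
    Event("ProcessCreate", 1408, "C:\\$WINDOWS.~BT\\WMIC.exe", ppid=2484),
    Event("ProcessCreate", 5000, "C:\\Windows\\System32\\wbem\\WMIC.exe", ppid=4000),
]

if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f"{f.rule}: pid {f.pid} {f.path}")
    print(lookup_sha256("71195414F33B49B281D1DDE071EF2B8E06CD94918DFA9CC7750D6D207E0BF25A"))
```

Both rules fire on PID 1408 and neither on the System32 launch, which is the distinction a hunt query over real Sysmon Event ID 1 and 11 data needs to make: the file name alone is not an indicator, the path plus the parent's earlier write is. The C:\$WINDOWS.~BT directory is the one Windows Setup uses for upgrade staging, so a second rule keyed on executables launched from that directory outside an upgrade window would catch the same behaviour without depending on the WMIC name.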