Overview

overview

7

Static

static

3

0cf0d6d20b...cs.exe

windows7-x64

7

0cf0d6d20b...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cf0d6d20b8666f538f5b984b059eb654bac42aeb9c802545474bb32ce41b65f_NeikiAnalytics.exe

  • Size

    995KB

  • MD5

    54d8295e6da9bdad917a8b62b837e810

  • SHA1

    3e0ed45e7bd7698cc73d5044ddbc84d86ea6c994

  • SHA256

    0cf0d6d20b8666f538f5b984b059eb654bac42aeb9c802545474bb32ce41b65f

  • SHA512

    17c69aa680d10d3118162adf9dc9af2344deb1722263dbe0902950bf6860d7d0e0a4f98839540ac6f75239bf967de4ebe2bcecc3cda575444aa0d6a51708fd68

  • SSDEEP

    24576:4DDdlymz69QEi5yxEnR1sY/3Q4d+hhy6WTprUvR5JK:Ce9QEgyxEnHsY/3Q4Ihhuto8

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cf0d6d20b8666f538f5b984b059eb654bac42aeb9c802545474bb32ce41b65f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0cf0d6d20b8666f538f5b984b059eb654bac42aeb9c802545474bb32ce41b65f_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\ProgramData\itdlor.exe
      "C:\ProgramData\itdlor.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4204

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    995KB

    MD5

    e9a120c8d7c19a9d34f7f1d03ee1b706

    SHA1

    de7996a19ceaa3b23cd4871b9ca991de3c90c03f

    SHA256

    33f4ad0693d760a50c598fbac48af1cf003b38efd7b479f00ea3676b70a0fcaa

    SHA512

    a8225f2f76e62234266c9d991da352ff9d9578e240c049f652cdfb3e200ccbf594152396c6b75efe472d65ab7b42f94d26ee4de27c5ed02358fe9d2d90739d87

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • C:\ProgramData\itdlor.exe
    Filesize

    858KB

    MD5

    8c4b7e45e58e79fb32c42ab077ad3eb7

    SHA1

    913762566929ecc8cbf31d63817beeec05eac31d

    SHA256

    e723b964d99255f4c822fe48a9fe3b1b5307b87d7de8950e73925ae26c5ad533

    SHA512

    c9ad447235cbdb46c36e47521f8694026ff1888ad51ede01aca864de5de74ad5ee5727c881b4d530509276d6d762526b67e221a2248adc4cd57bb1415e56f170

    Download Submit

  • memory/2732-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2732-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2732-9-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4204-130-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download