Overview

overview

7

Static

static

3

89cfcccb08...cs.exe

windows7-x64

7

89cfcccb08...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2024, 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89cfcccb08fdebf676ae969d52a25a58a32eb1020198280cb93818dee5c99a6e_NeikiAnalytics.exe

  • Size

    87KB

  • MD5

    472b504599790ef555833670c63925b0

  • SHA1

    8c42390aeb9bb64f4d648c3167d3ae7e42be2f21

  • SHA256

    89cfcccb08fdebf676ae969d52a25a58a32eb1020198280cb93818dee5c99a6e

  • SHA512

    d100ea5512ca245a23482ec9581bd94a6768d910331fd83bc9517e114e82daab94a7929ce876b0a145e640b471dceb3a94d0f25bb1978341650a92b77aa656e9

  • SSDEEP

    1536:t0GIXAic1p4Ox5/P6471d+oNQvX7XLUNmAVqxh22zkZ5ZAMlVkvK4Y9ycioN:iX9071d+97XLUNmKqVz0j

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89cfcccb08fdebf676ae969d52a25a58a32eb1020198280cb93818dee5c99a6e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\89cfcccb08fdebf676ae969d52a25a58a32eb1020198280cb93818dee5c99a6e_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4244
    • C:\Users\Admin\AppData\Local\Temp\izilysa.exe
      C:\Users\Admin\AppData\Local\Temp\izilysa.exe
      2⤵
      • Executes dropped EXE
      PID:372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\izilysa.exe
    Filesize

    87KB

    MD5

    76607411c8accc859b6f3147e777f60c

    SHA1

    6fcad8a521442cca17df92cb240160315b916bec

    SHA256

    da5c5c6a5f09391a820e6d559419d12faef4807e191f08edbc79f4f4016b3a6c

    SHA512

    79921a8201a129d63aed2a4b00b849fb5497bbd3bc3fee40cacc8f859c6bed76eee1b34529ee047be1da29a9789824ad4206ea9348f5073f03a4ab0691c5792b

    Download Submit

  • memory/372-5-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4244-1-0x0000000000401000-0x0000000000404000-memory.dmp

    Filesize

    12KB

    Download