Overview

overview

7

Static

static

3

143923747f...cs.exe

windows7-x64

7

143923747f...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    30/06/2024, 19:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    143923747fbb5bf31a677d3066b520032c100f1e7232d37d1f6bd9ed402ef9ea_NeikiAnalytics.exe

  • Size

    688KB

  • MD5

    f7a7d8f8e8619b136facd9f6b8dfcc30

  • SHA1

    74228f252b20821a66161bf631fe06fd7186b4b2

  • SHA256

    143923747fbb5bf31a677d3066b520032c100f1e7232d37d1f6bd9ed402ef9ea

  • SHA512

    ce82dffc02360783b48136367889b09edf44744ef67f4fffda3bdc34a571215f648a38304427eba592bab891b1377098e43811e665e7a96326952e482fb777b0

  • SSDEEP

    12288:S1/aGLDCMNpNAkoSzZWD8ayX2MQCw7D0oxY0zgLjTdl9mYdOmBUji1NcJ8h4V3kK:S1/aGLDCM4D8ayGM/LnlK1jiG8h4Nk3a

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\143923747fbb5bf31a677d3066b520032c100f1e7232d37d1f6bd9ed402ef9ea_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\143923747fbb5bf31a677d3066b520032c100f1e7232d37d1f6bd9ed402ef9ea_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\ProgramData\pgqul.exe
      "C:\ProgramData\pgqul.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1620

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Documents and Settings .exe
          Filesize

          688KB

          MD5

          e05fea5ab12e36d0c7f1aae50e9f6915

          SHA1

          f7d9b368303ab821cc20da765ec3d13921ddf144

          SHA256

          142620c7c5b87ed6c44a9600bcefc25136d26e2bd91fefb7aa3499f4253b5b96

          SHA512

          21af6edd50545434fdee5d7be761d363ba69134573ee75f984263304c8f3d790ef13239aabbf1f2d7c0ab37b067212f4402bac40db410b6985e135ebe43d8ff8

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          269KB

          MD5

          ca9dfac0aff393d7ad3732c18bf722be

          SHA1

          0bbb7be6293e7fd953293d9e7d5ad0cbfbc81e75

          SHA256

          dc2214022e8be1e51c69f9554ad5e5da74e9a9f7ec8fd2f08b3e5c9f0bb01423

          SHA512

          85d4e203983608671fdeb61cdc7e6bd79389001a4c427f1d473de5298a737e65c6f0c6f1243a64b5608349684a180c79516519632beb33a67b44ff3e446d75c3

          Download Submit

        • C:\ProgramData\pgqul.exe
          Filesize

          418KB

          MD5

          118f4099d8751d811d092eb3f99d3aed

          SHA1

          c05daa62fcc6e4e426a58188dba95916a2663d4c

          SHA256

          50b4af2608afbf2d8c7d729a70a35a14e58ceffce0fa3a6758a455c65c21a273

          SHA512

          4413229f73f39e4e1191786095d0edf91173f045f29dafb847aedd727b5771599645d80890472a367eb3123c45503034ec78dc72a864c1bf0163068fe6a19ba5

          Download Submit

        • memory/1028-0-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1028-14-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1620-137-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download