Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 28-06-2024 19:56
Behavioral task: behavioral1
- Sample: a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
- Resource: win10v2004-20240611-en
General
- Target: a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
- Size: 5.3MB
- MD5: f9845d0393ae32ad62f942d86bcb5250
- SHA1: fe0ef9adfdf9150917d522cfbf007233d0b59ea8
- SHA256: a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb
- SHA512: 9ace006214adf986f232ad87b6363df289526ef659ac9f4be00bb1d9938a78555d8d18f4f5def5dc6f6682bdfb2ddfce9dfacd110f7d181d8b079dc481e3d6ac
- SSDEEP: 98304:Q4UuJam8M/k/0n+415zScTqve6DOAsqnYddV8aN/n/avNFz:v/Imz/Znj86NpN/n/avN5
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes (pid, process):
  2996  gjgcfl.exe
- Loads dropped DLL (1 IoC)
  Processes (pid, process):
  2984  a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
- Processes (resource, yara_rule):
  \Program Files (x86)\ejmkdbwup\gjgcfl.exe  vmprotect
- Drops file in Program Files directory (1 IoC)
  Processes (description, ioc, process):
  File created  C:\Program Files (x86)\ejmkdbwup\gjgcfl.exe  a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description, pid, process, target process):
  PID 2984 wrote to memory of 2996  2984  a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe  gjgcfl.exe
  PID 2984 wrote to memory of 2996  2984  a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe  gjgcfl.exe
  PID 2984 wrote to memory of 2996  2984  a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe  gjgcfl.exe
  PID 2984 wrote to memory of 2996  2984  a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe  gjgcfl.exe
Processes
- (1) C:\Users\Admin\AppData\Local\Temp\a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe"
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  - (2) C:\Program Files (x86)\ejmkdbwup\gjgcfl.exe (child process)
    Command line: "C:\Program Files (x86)\ejmkdbwup\gjgcfl.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- \Program Files (x86)\ejmkdbwup\gjgcfl.exe
  Filesize: 5.3MB
  MD5: 97fbe3a640b57b4ef6b8d7b21290d038
  SHA1: f796d9d9e65ecdb4c876dd7a6b3af425ed970de1
  SHA256: 8537007f3e43c7c4e571eb267cf8de9ff12c02bf6d2143c038acff9ab0b95bf8
  SHA512: f10458db3420ffa0dca11df9ee95e9a01866f1cef6b6e91be92475b7bb66ac345ead39500e7787bc3439c356080da8b5310c17dc90700c8dabff495e28a2d655