3583e9305f4066d1354b34428bd8f19b04761f23cf47d733f027bd927e2f14b5

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Size

7.3MB
MD5

82a2116a33d29b220b5d87445faf91f0
SHA1

324bdddc27eb0906dca23ebd9042d5ac496f48ad
SHA256

3583e9305f4066d1354b34428bd8f19b04761f23cf47d733f027bd927e2f14b5
SHA512

785a803fb8c7dbabda98e2c9dd7d2fbc6cc1217cb06214c016243e5e03892a9055f27b7034b7fd848d83f8ce2e343098f75b6cf5e853eb3c7951a550e7a83356
SSDEEP

98304:8+BPc9rUoflanoCoN2ck3q2TfUvuQsRwAx8nfJVAss+bQYV:gUoflrCOP2Tf4XgSf5szk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\82a2116a33d29b220b5d87445faf91f0_NEIKI.exe = "11001"	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
Token: SeIncreaseQuotaPrivilege	1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
1736	82a2116a33d29b220b5d87445faf91f0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\82a2116a33d29b220b5d87445faf91f0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\82a2116a33d29b220b5d87445faf91f0_NEIKI.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecb278651f66c6999a53785fb2815a71

SHA1
1e70fda58607bdfe461089443b53f9342fbf98be

SHA256
65d51235a52ef92239c9e5f3027150d9e05b890a73b0f06dea4dc313af03ba53

SHA512
27fc080046014fcca821a92d35fab7d4b723d7a857cce1f6e839e3799c2b2be28c518de66a3faea74c2c4360d67e27a01945caab6c7550ad427f9f0848b7bf68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d9cbe2bacd92bb9f5c8d4cdf0ad5d67

SHA1
dc15802ccaaa14f73ca9fc5d6dc88d691feb8426

SHA256
a7eab02491f386286737641c93f16e3723de48662b6db4366cef562f701f1df5

SHA512
52d34e1b3ebf0a21aa27e6f159e03615175082ff3a58d80942f2f29795941e7450920deb9693a5c6f9cebb60114c8eeb6d38c796f8caddde6c5ecbb95ddcff45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de93391c3e262217a9c67897e2f4aef9

SHA1
24cad621297d4b4190d14867024ef34892e1d4d4

SHA256
d5723d228c190288219bdfb660bb11c3cfc5937b15972b725342d2e5b99515d5

SHA512
c3e9ed921d6e4e9f75853ca1452c843034d631d02de52537be3be66ed7558314cc256be9eeea72c47319d99b619b16f915a0870fa8199d6a6da6c4405ca9d7de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3dde5ead47d88de33f0ee69f82a18bc

SHA1
8a3fc0a4972e8afccced38b55e32ae03f0712c62

SHA256
5bec6d06e64714a3483fa1d158c402e213ea089573b4b05ce125a1b48dbcfb3d

SHA512
dfc4635efd4829915e0bc272ce0f15c0007f315a2544dced2b38cb433869bca5f6403a6de4878e7ca25c7de8af12a285cad1fd9e5c1173035451ba59ac0b07ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c900a950f78ad2c6d9b69f8cd8a650e

SHA1
6e63bd333223a464abd96a46b37baca1170a79a0

SHA256
789cb0d61562f456caf7f0e0fe2ee686e53b539cfd3d3fe9ec4533ee8a10936e

SHA512
6b0995fb2ef1cdbbd1e005205a873e331f176599f47c706baa75c3dacae98007ad8eb1352ebb310c41e28c856ee7c54f571fa097443b651e257c833ba38a7b37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1c8da650487fc6dc7174b87a4badfe9

SHA1
5654783d44d32e3153b8d20bb93f476fdc892dc6

SHA256
b467b34ec672c8dbf53d7cbe1f2b39a0aeeb8e39808a66bd782ffba0918fef12

SHA512
25c06b5f86dc950f3412b9a17d3be15615c2bcdf45ec3c3d43dc8e28fa365cb897ac01d34110951607aa76df7e289cd2678023c197ea382497c06832144ec490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f51bcc1363f4c303cfd1855f7c64827

SHA1
4f72b9421e80b84523d4e03063f5d39f8c79f90e

SHA256
dd9ecf97d6ba24002d9097d61562dfb92344a98715022af879edf5816145da15

SHA512
f417790671f298419cf25246a201ee42912504336541d4a9a8ec83433c55330a0ba84ddd284b9dc9b9c96baed73624bd6f525800b7a3430a74d8975bb3f5b2e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dceda9b5108d32225e5f43d979abe06

SHA1
58bfd86decf2403b9c03311e9ceaa5388150fe58

SHA256
872a0e75af051f1cbb08dbf4c4082b0fcdd4beccd629a88927f1d3d978657119

SHA512
20b8d514433364234dbd4e6c093af7d19153805972a70d8589b0d5aafb6edb1a872c00020614dac9a7a835d58e6880ce3ad4ae98dcf2ffa9a3a2589381b65b20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25ea29f31e6b37f1d25da75cd701683f

SHA1
7a5e0ea20a004c0dc65b6058e2229ce7fec18991

SHA256
64ee147c9e0026dd075f001b0d15b84b68c35e0bbd947f71b8d7ec6240b01537

SHA512
5b95c42ae3c408ed28c6e935bf508f415253cb16c3dc5da1fc19565407fbb8f1b89a19ad7815e01e306e067d4416de428e4c783601cdb6e590055790b16b3f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0b26446763c4f2a580770e1e06d4421

SHA1
2aaf60d5c80fe84383d544bba2ce0415755dc308

SHA256
af8ab3c2ff5646c5568efb2a27d488e8da2f16308cc1ba2a255ab017188ab23d

SHA512
01feba9f9e99389d94a91db241d078363411740e944472998d8f5dc4b49127ab6fba832b7abb66e9a11050e1e0af7d1b23897ea910d06d0bcda04ee5ae0c19c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
337f182fa2732bac2840001122e95bbc

SHA1
5dd022aba895e50cf5a221eec10622e394f1c123

SHA256
f2ab39aea58e3dc35b77bd7eeee07043df31bb6412a7149a9f58b2df5344b858

SHA512
e37b882fe98860ab77eca131d7da5cfb4f32a55ebfdf270a2ffad6a5fde3cbf45df169f075ac52a3aa36cd0b8d7d39dc190f49c278f96545a6dc2442dcc0b2f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7af654733217e7b85418fb1dd2da6af

SHA1
5c98859794c4f028ab4d509102032c342e35803b

SHA256
839dd05fc954da161396e9f4c2bd73d8bc695d4564cd5929b37d6e600137aaca

SHA512
cc9245bf83ce49a5fcc05941025baf6546220d75d1f98fd956261a492c2f05d6883d30a1f2368f8c834044b2934d1a6b85f795d5583774ac30d59f86a4f3f659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f375fc47344059ca11d727d84243bcc

SHA1
616bec7055825fde93ab90ab729aafa7d9d84611

SHA256
2b8bc9efe5cbac0f208c81d67da977b763a3b37b528bbd0c8c469ee9e9437093

SHA512
356d430ce4bd4c5d2272001c693350bbf1d09993bf5e8ecdda304797c593967daa1853ea93d245a467f7c2e3cc107c4c6aa63f644e158f64048776892042c4b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7b2557a3f7ae59e1bc21dbf8ff7f730

SHA1
6e3f871d84bc240611151e50237d5c69b901687d

SHA256
ce30f0892d2a3af82d4da01d89939c5032e27fb7ba79894d039a56da07bd3230

SHA512
f3c8ed734a395e5a0f54f01467ff8b5c096313cdae5b6c6a75531c52e8458a3f841c786d2da2ac40568146975e08061bac417336bb9896362ffa06275d0522a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
090a42a24db9622177a43a9e070041b6

SHA1
b7ec3ea9a1ba8365bd01da4cf1196775c12549c9

SHA256
131b99806660bb777d3d5b241bc191acb0e83f5637f2850269c6a90da65a07c4

SHA512
b080afb0636cb192576ad0f09269518e4453e2db67b48f7913a264f326a2f5b711e5d8970943002dcb3edbdfd0fd458bf5ba13dae378199c839b56ff7db667d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2CB2.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2DFC.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B1EBB89B-B18E-4102-98E3-B54B56F6A508}\CCDInstaller.js

Filesize
1.2MB

MD5
a8cca5b969784f356bcf8bbd0895b8cb

SHA1
bcedc0d7ed2e6ac55709f0b837a354c6ad7f9c97

SHA256
a641388d7b4c162c026606d4b099afc45db810edb39c8c5bddd087a1df840aa0

SHA512
7c9e9fc110ea0a5c51a15b5253c0dc2d47a490581dd4005925c3045d6f4e2ed0ff9cd427a9cc42db090153706283b1a6270c225bd3a161198c805db435375670

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B1EBB89B-B18E-4102-98E3-B54B56F6A508}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/1736-11-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/1736-31-0x0000000007A10000-0x0000000007A30000-memory.dmp

Filesize
128KB

Download
memory/1736-30-0x0000000007A10000-0x0000000007A30000-memory.dmp

Filesize
128KB

Download
memory/1736-29-0x0000000007A10000-0x0000000007A30000-memory.dmp

Filesize
128KB

Download
memory/1736-28-0x0000000007A10000-0x0000000007A30000-memory.dmp

Filesize
128KB

Download
memory/1736-759-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download