Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09-05-2024 22:15

General

  • Target
    0d492724ae99783cc9523089cbc10600_NeikiAnalytics.exe
  • Size
    4.1MB
  • MD5
    0d492724ae99783cc9523089cbc10600
  • SHA1
    206204c7c66082742ba86d794e04a6da89b3043f
  • SHA256
    8bc6ca56cc010dde8bbb42910f42d6a25c8874a3f0634188b70f6b17000c4eaa
  • SHA512
    fa68d7e1602d9a08b4adb1ed90636f76a760177b3b26c82e5d5c37a2be72e9749a428341ab5307eaf85f3330773a7d38cfe0c9c8c09d3b727e29e8ef17113f10
  • SSDEEP
    98304:+R0pI/IQlUoMPdmpSpN4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm25n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d492724ae99783cc9523089cbc10600_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d492724ae99783cc9523089cbc10600_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\SysDrvW4\devdobloc.exe
      C:\SysDrvW4\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintZW\optixloc.exe
    Filesize: 330KB
    MD5: 47caad328e387c6ca60d084c88a77e0d
    SHA1: b18297a16812b992abd87652f1c90f9cc4bd2ead
    SHA256: 776633d1ae53c57ab1390ab494bc16557b2f00e1547212133bdb1d5b06003f70
    SHA512: c5320741493b9d6b9a86a23dce53c248ab326c4a3637bef2883be456270e1f3583b5d8012e300eb5364c662da5a32892c3687f96f1a9f60f6c112371c9d1c03c
  • C:\MintZW\optixloc.exe
    Filesize: 4.1MB
    MD5: bc6dec0417d61966303229fd5e743110
    SHA1: 2133361a5b73839289655ed7332bb605d574bfb8
    SHA256: 56b95c09393baa98fd1c0aa3f6a34baaaf1790d8093329dc9decc4fbdb98f6bd
    SHA512: a9f5d38403a2f2d5ee357c6072cb0c9a484327b863c9cca725ee7ea0fd06fb7f65574696af80f5265b18e3e519741f30ca64e083caefac3ee2812bb27504b119
  • C:\SysDrvW4\devdobloc.exe
    Filesize: 4.1MB
    MD5: 284469c9a613235c3fc0bb00862e3b7e
    SHA1: 81d204750dae7f013830ca71cf29bc96864151a6
    SHA256: 7b1c894ff202978fb4192dafe251c1bf3811f141235c0a185cbee33dbb813975
    SHA512: f100260d58489041798e65434fdfcaa647d3ccb776188cdaa41a2f51e01afa13cad59e4440b5942b45d3363731dc6d4bec30f314083d5fbea54112fb372b17a9
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 207B
    MD5: 5cc3802feaf794f876eb1d91f374e835
    SHA1: 07c20d88a2b5cec8779e8344afd7ec1c63e2a782
    SHA256: 7ec07eb7cbb5f028a1a34839a05e349ce3d85aaa0d66bb1115f291d181e14c41
    SHA512: 9c82512073d6cb0366a510f092aa65cbd7c35992a0b5daeeef23a596eeb65a5957415ceaf5aa5aa34b14d930b48129afa373e8cb5cbf01cc4216cafb2b045577