0c8f51dfd58caae81a9020107236b533d5b17e741607d8368e03648d748da105

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2605559e1f0c163e2414cf7eb965d0b0_NeikiAnalytics.exe
Size

180KB
MD5

2605559e1f0c163e2414cf7eb965d0b0
SHA1

d876618c9f1bf9c4666ff9f6f1a491487520f728
SHA256

0c8f51dfd58caae81a9020107236b533d5b17e741607d8368e03648d748da105
SHA512

0adb5a74ff7e591299837ceef19d25253a3b3c4f75be145647dd1929a1beae8cdb287523187fd91f4fe3e601e21811a304f4f48a58ce66dca63aaeaf331a0a1a
SSDEEP

3072:1bFZBpiJrsZnWdErsjzlp8fWrBCYQupyttsMvTrUSEJH/86DVJAkn42LHUw:1bF3pSwxraz8fGxQGMvTrPE3TJX

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
3720	buhrkyf.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\buhrkyf.exe	2605559e1f0c163e2414cf7eb965d0b0_NeikiAnalytics.exe
File created	C:\PROGRA~3\Mozilla\oxnqgnd.dll	buhrkyf.exe

C:\Users\Admin\AppData\Local\Temp\2605559e1f0c163e2414cf7eb965d0b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2605559e1f0c163e2414cf7eb965d0b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2864

C:\PROGRA~3\Mozilla\buhrkyf.exe
C:\PROGRA~3\Mozilla\buhrkyf.exe -pggkiil
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\buhrkyf.exe

Filesize
180KB

MD5
ad7f48b3f6f3913a599902e36bd26970

SHA1
00d144d1509679c925e47216b7f633e0ec0d72db

SHA256
c51806420f65d21f9f8f9c79b91e4043a61aa3302cdebc8be612d12ee996f654

SHA512
b8c183c63046f9caa7936a03b4299568e72a3d9fcb46d1277f50db4301855916476859eda064f20a635fe6810564a06c00b15c980ddeb1a1fc7cb2098bea1e17

Download Submit
memory/2864-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2864-1-0x00000000020E0000-0x000000000213B000-memory.dmp

Filesize
364KB

Download
memory/2864-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2864-8-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2864-11-0x00000000020E0000-0x000000000213B000-memory.dmp

Filesize
364KB

Download
memory/3720-6-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3720-7-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3720-9-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3720-13-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download