Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/05/2024, 10:56 UTC

General

  • Target

    1a4ea75fab35867a8f68f73fdbe1aad0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    1a4ea75fab35867a8f68f73fdbe1aad0

  • SHA1

    50b9c6d48652dd8ed7889e0b46b7253f3f074e2f

  • SHA256

    02ec9b08157a3562672024ad0fd57dc8d47bf3cb083a0eac573e7ffd7455ff3b

  • SHA512

    e135812e25aadb0e9cc6123711c4d91db20f93c8e7d52ddb6c9641b5e1e7f9ad88f6d78072d0035778be1e0b522fa056e7022667a96d95ccc8bd4f841da0cf92

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBh9w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a4ea75fab35867a8f68f73fdbe1aad0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1a4ea75fab35867a8f68f73fdbe1aad0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\SysDrv0O\xdobloc.exe
      C:\SysDrv0O\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2484

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVB7A\bodxsys.exe

    Filesize

    90KB

    MD5

    24a68904a7e36b885be8e540a781aa7a

    SHA1

    677b59b3edf2da9aa7f2bdb0d36af284bbad9681

    SHA256

    203838974fbf8ac59260a71f573c798a764da2c4b4f51b9fd8c89c0ee7cef45c

    SHA512

    1c936660ea0e1c3b356498dfa4ad7cb6e93954bf18d8397b0f082ca5f781934f33c3e9a5d9c2ccdbdaf81344e48f18992e0fcc7781c9fe0d57e19b5ae1bec8ee

  • C:\KaVB7A\bodxsys.exe

    Filesize

    2.7MB

    MD5

    6b5bca43e15134fb526e3905e62d8014

    SHA1

    bb63f4873d3e7d4b2eff921375dd4eddd3e6552d

    SHA256

    4efd9dc707c8878698f1493e9a0c5fcc5db0ad50c2a8c28af6efa9e9306b5aed

    SHA512

    13e02cbf0fbdfc6c5d265c6d4e65438eed9b77f913aa5630291cc38c3d9524aaef2edee13a63b1a5f4e33de01bb45c8555e43360473b9a466b76a6bcc53625a4

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    200B

    MD5

    c439d434eaaeeae256033cf13b8edb10

    SHA1

    f0645933e37429d997e25f0bd8200bf0ee0d8ba9

    SHA256

    b8d2908075cb12d90a0627104865feb90adbe7d6c45d253296240e4a152720e3

    SHA512

    f3f2dbfd54a084ed99c633f0f1c00d3d841a55d4378b9ac8b891ceee2295a80760aef0d3b22971f23754b0b70f503b8ef65b170ca5ad6dd7c8ee2fc56927713b

  • \SysDrv0O\xdobloc.exe

    Filesize

    2.7MB

    MD5

    bf5204082019123f70f6c2191b83f025

    SHA1

    a99f5f6d3a81fcc8321655ca25f218be409fb759

    SHA256

    f275fbc82d549b47db770e09b34899213a1e942bf482a19e04e6d138d232b2b1

    SHA512

    e86975a46fe06df406c92f5739cb5bafaef033ba198a36548401700a9ff6376765e2bbc3e8404a0166405cbb6d14cfc178f7b4741f4b0a5da9e7089ca8b856cf