910964dd9757cbe3255b26cb2b4fab41ec25dafe15bc29969887d2a17327f637

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
Size

2.7MB
MD5

2ac0b2af78b11c0a2c5fc12a1b573530
SHA1

d847aa5fde3b2dff46bb768ad6369989a7591984
SHA256

910964dd9757cbe3255b26cb2b4fab41ec25dafe15bc29969887d2a17327f637
SHA512

e193e8419f8a031acea634e68e14e05bcf9e6d14eac96683650c4a577976da7f79588f7287e27867e04d75908a987007533140c3ae81a4f89239dc6e7d080807
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB19w4Sx:+R0pI/IQlUoMPdmpSpx4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2944	xoptisys.exe

Loads dropped DLL 1 IoCs

pid	Process
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrv10\\xoptisys.exe"	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Vid0I\\boddevsys.exe"	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
2944	xoptisys.exe
2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2944	2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe	28
PID 2836 wrote to memory of 2944	2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe	28
PID 2836 wrote to memory of 2944	2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe	28
PID 2836 wrote to memory of 2944	2836	2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2ac0b2af78b11c0a2c5fc12a1b573530_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2836
- C:\SysDrv10\xoptisys.exe
  C:\SysDrv10\xoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
203B

MD5
e306d1e210845c5416ecc1383ad640a5

SHA1
f18c1202a1d7af064690166b353cd38783815ab7

SHA256
c10834a2e3a4bee05b6234792adfb955c7bf65ecbf6dfc4d4ab186aaef9099b7

SHA512
2a1836746bad79dbe568dbedbece2b03e46ebd5800a1d08708d3afb20434d035695e094945105d32df4d8af70aa1167dbf2cf08936fb49d03fba234955d5c12b

Download Submit
C:\Vid0I\boddevsys.exe

Filesize
2.7MB

MD5
d06823792bdf457a7150a3957bf993f0

SHA1
cddf5a5609aa7dbf1427ade9835581215a77a58e

SHA256
2c28b622c05452ca147c38e65a8286b4bf5a84557cb11de9445246dbc9da639f

SHA512
c7ba816d383436e1a35b16f6395a3d28ec4beee0b8a7fffe54f63c4b8d6d455bdc958a153f1d08e6fedd3d82bde5d00b45c4e736ae09f16ac792ba05f65beb2a

Download Submit
\SysDrv10\xoptisys.exe

Filesize
2.7MB

MD5
47cca40992a24dfe56c74adf909e51f2

SHA1
09003829c0a726dd611c096d79458e9f81e529c1

SHA256
de58daac27928e772319c5e30f4069dfe2f6645888107120d2e33ff45652cde5

SHA512
e903d3b59a3265a81b30743e6a1d37a5ff6be860696d7a848520d46f76f0732f6cff8e9c2cfe6d90c76727610aaa73a88e094a3fa00cd921fa2dcdae2ea23d70

Download Submit