Analysis
max time kernel: 150s
max time network: 151s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09-05-2024 17:32
Behavioral task: behavioral1
Sample: a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Resource: win7-20240221-en (windows7-x64)
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Resource: win10v2004-20240426-en (windows10-2004-x64)
3 signatures
150 seconds
General
Target: a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Size: 58KB
MD5: a97dbab45fe24e468fd08afc9345a790
SHA1: a14ba70e58334c30fba2c42b7147c31ce2f098dc
SHA256: 2aedf4746fa4cd41ddcdc200c74d5dabf58e358b8edb6b848da5cae0eaa08345
SHA512: 34fb29e6a38cbe2871ffa4972c77ba3b8610869cdaedd8397fe864a5fdb9afdc995eb7ba1c367d8a2f3428d1442798ce00c843fea0b619937dc912e5060c0e32
SSDEEP: 1536:mzQjJuw3c6hqh1kJaJrNKx5tzzevaCpzqFFzWcXdqu7mOYhngYFD:4QduF60Q0X036aCBqXcY6tgYFD
Score: 10/10
Malware Config
Signatures
Processes: a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesOverride = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe

Processes: a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesOverride = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiSpywareOverride = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 1 IoCs
Processes: a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Update Service = "C:\\Users\\Admin\\winupdsvcs.exe" | a97dbab45fe24e468fd08afc9345a790_NeikiAnalytics.exe