f9fe2501b981c7f521605264c016de2543163ade1112bdf6f7e7d8041ff4cb99

General

Target

27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
Size

69KB
MD5

27c05e075db47daa607e21793384d780
SHA1

313baef3e8960ddff592e4f2ad8b37197d60fc5f
SHA256

f9fe2501b981c7f521605264c016de2543163ade1112bdf6f7e7d8041ff4cb99
SHA512

83e34c629fdef60e7032c20d01bed5646a2259aa726ec1f1fb6df54ac1844d2b444ce802343d73a439b86ead83f15f60b23c66886ad7b48e0c81937d1583fe57
SSDEEP

1536:y4QQ6NSyM61l19piO+LV8YEoI/EU9RUe4mCcbPJpewHf9t:y4X6NSyfnpijeYEoIcq4cPJpew/r

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4668-0-0x0000000000400000-0x0000000000464000-memory.dmp	upx
behavioral2/files/0x000700000002340e-6.dat	upx
behavioral2/memory/4668-28-0x0000000000400000-0x0000000000464000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Windows 2000.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\brutal preteen porn xxx.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\play station emulator crack.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\crack.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Website Hacker.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\16 year old on beach.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\kill osama bin laden game.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\illgal incest preteen porn cum.mpg.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - built for speed.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe	27c05e075db47daa607e21793384d780_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\27c05e075db47daa607e21793384d780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\27c05e075db47daa607e21793384d780_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe

Filesize
72KB

MD5
980d5dfa8e4ed8f8ecc4360176f5364e

SHA1
f464a443348222000c9904dd68337f3bafe9f3c3

SHA256
ca9480c82f1e6362d416fd741afcdd570f1f5cfa69181de7a3a78c1d91b614e9

SHA512
82c23411aba4c58fa898d06c7eabe13d356a6e83c3dec1aae5abcb511d67b7d9b5714eb6a8fb68a96a5be82dc040d8233e0f3f75de70bb4c5fa20d97f015b261

Download Submit
memory/4668-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4668-28-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads