Overview

overview

4

Static

static

3

5808f7b38e...cs.exe

windows7-x64

4

5808f7b38e...cs.exe

windows10-2004-x64

4

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

CsvOperation.dll

windows7-x64

3

CsvOperation.dll

windows10-2004-x64

3

FileOperator.dll

windows7-x64

3

FileOperator.dll

windows10-2004-x64

3

FisheyeCtrl.dll

windows7-x64

3

FisheyeCtrl.dll

windows10-2004-x64

3

IVSJsonSdk.dll

windows7-x64

1

IVSJsonSdk.dll

windows10-2004-x64

3

IvsDrawer.dll

windows7-x64

1

IvsDrawer.dll

windows10-2004-x64

1

IvsLogic.dll

windows7-x64

1

IvsLogic.dll

windows10-2004-x64

1

MCL_FPTZ.dll

windows7-x64

1

MCL_FPTZ.dll

windows10-2004-x64

3

SurveillanceDll.dll

windows7-x64

1

SurveillanceDll.dll

windows10-2004-x64

1

TimeGridEXE.exe

windows7-x64

1

TimeGridEXE.exe

windows10-2004-x64

1

VideoAnalyse.dll

windows7-x64

1

VideoAnalyse.dll

windows10-2004-x64

1

VideoWindow.dll

windows7-x64

1

VideoWindow.dll

windows10-2004-x64

1

WebActiveEXE.exe

windows7-x64

1

WebActiveEXE.exe

windows10-2004-x64

1

aacEnc.dll

windows7-x64

1

aacEnc.dll

windows10-2004-x64

1

aacdec.dll

windows7-x64

1

aacdec.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 03:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5808f7b38e6e535e4937e44f9d383d90_NeikiAnalytics.exe

  • Size

    2.4MB

  • MD5

    5808f7b38e6e535e4937e44f9d383d90

  • SHA1

    0ba5a950d2d8dd879e0e1dacf6fda9abe7730caa

  • SHA256

    8f319a94ca172c493096b1f5089dfe0344dca3835dbb79e197d372e81a77931d

  • SHA512

    91dc2de80a8b42f75401ebf3a8762bec881e95207ca2a93c1fffb3f6ce4accb9c609518ad58e6e4503ccfab6f9db9bce96656c87f1a94623c7c1c646c603c80e

  • SSDEEP

    49152:b1x9Nx97QmVL7hSt4/pyoXelyosbmleddMb+89eyDW716iJpj:bj9Nx9pL7hg4/pkR4mleb8oyDSdJpj

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 32 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5808f7b38e6e535e4937e44f9d383d90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5808f7b38e6e535e4937e44f9d383d90_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\SysWOW64\TASKKILL.exe
      TASKKILL /F /IM WebActiveEXE.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1988
    • C:\Windows\SysWOW64\TASKKILL.exe
      TASKKILL /F /IM TimeGridEXE.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2716
    • C:\Program Files (x86)\webrec\WEB30\WebPlugin\WebActiveEXE.exe
      "C:\Program Files (x86)\webrec\WEB30\WebPlugin\WebActiveEXE.exe" /regserver
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:2352
    • C:\Program Files (x86)\webrec\WEB30\WebPlugin\TimeGridEXE.exe
      "C:\Program Files (x86)\webrec\WEB30\WebPlugin\TimeGridEXE.exe" /regserver
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      PID:2428
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "atl.dll"
      2⤵
        PID:2888

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Program Files (x86)\webrec\WEB30\WebPlugin\TimeGridEXE.exe
      Filesize

      64KB

      MD5

      653fceba84fb1e06c1b100dc346da4ba

      SHA1

      0fd4901daa5ca9e13dcf7ef036e78469d0be0934

      SHA256

      678fd44b43f7707dcef415763f53641d72015643020288ccfc28adf649846b19

      SHA512

      ab0ade93a53f66a4ecc6238635321ce3c38bf3400df52c9afe4d6dbd857ab5c31a65cf5fc5f5b0b576b2746c8ab97d27bfad0378595aa2d7b92ea315ecab3946

      Download Submit

    • \Program Files (x86)\webrec\WEB30\WebPlugin\WebActiveEXE.exe
      Filesize

      160KB

      MD5

      074db80f527178fa4fc903c887f10c78

      SHA1

      3844390c925d6301e0ed761fe2806a3e727916b1

      SHA256

      92186bef8f533fc33e1b103a4d2a2b63e7a0a640f75a8e1a983a35438a424871

      SHA512

      afd5cdebb8c7b4b7cfecc255c4040aeab1a434357b043a22a27b89708f6a9a31656e07c72c5a89f8dda75382b0848dd1e9335707324393e4811380feaa1de817

      Download Submit

    • \Program Files (x86)\webrec\WEB30\WebPlugin\timeAxesDll.dll
      Filesize

      108KB

      MD5

      3571110f68f58e9612cee71724ef2f9a

      SHA1

      749897253d07ffba7d4664a5d0cc7a87ede765d3

      SHA256

      b2801090e36fd51e2536d1a82edf48acf02db6a44033a210f72814a60815160f

      SHA512

      4ac5b33d2d9a65c909862db961d1a2eb03e8391fc2b870a215c71e514f6a7e513ac461a97e4b2615083985f619862c4ed1cad71cab04d73175951efe262e90a6

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsd1D33.tmp\nsExec.dll
      Filesize

      6KB

      MD5

      50ba20cad29399e2db9fa75a1324bd1d

      SHA1

      3850634bb15a112623222972ef554c8d1eca16f4

      SHA256

      e7b145abc7c519e6bd91dc06b7b83d1e73735ac1ac37d30a7889840a6eed38fc

      SHA512

      893e053fcb0a2d3742e2b13b869941a3a485b2bda3a92567f84190cb1be170b67d20cc71c6a2cb92f4202140c8afd9c40a358496947d709e0c4b68d43a368754

      Download Submit