628ed72792764376c48979d574faf85d38bd3c870a00b2aa1cbe2107616a7401

Analysis

max time kernel
150s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
Size

4.1MB
MD5

824b1f3a24138c6aaa8cce5a48323d00
SHA1

dca518dc96cb75d592ac50d7bd22343a0b3cb66e
SHA256

628ed72792764376c48979d574faf85d38bd3c870a00b2aa1cbe2107616a7401
SHA512

62bf1625d56e0becf17804a27f086e1a32731db2900fccb47bd29e5d3bfbff8e15cfddb56f0fb4a562ee01c8c0bab8f8e8e90b51c6a520b3524ca287842e1975
SSDEEP

98304:+R0pI/IQlUoMPdmpSpU4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmL5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
772	aoptiloc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintOD\\optidevsys.exe"	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesVK\\aoptiloc.exe"	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
772	aoptiloc.exe
772	aoptiloc.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 772	4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe	87
PID 4480 wrote to memory of 772	4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe	87
PID 4480 wrote to memory of 772	4480	824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe	87

C:\Users\Admin\AppData\Local\Temp\824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\824b1f3a24138c6aaa8cce5a48323d00_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4480
- C:\FilesVK\aoptiloc.exe
  C:\FilesVK\aoptiloc.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FilesVK\aoptiloc.exe

Filesize
4.1MB

MD5
25a807208405db2d87a6f7775f9662ee

SHA1
8e1377632652137428395e2d9757d82c691a4e12

SHA256
a669de1852c4d102f12e0ec58eb1408f3bf3e957edc47bdb9f74064bc37a8c8e

SHA512
5e740d8549c92053b1524cf6213933ba47fe8cf7ee1292abb728a9523fc8b4fd894ee533f13ba387c156cf0238e5b0724b1793b6a8dcc9364e5dff8c75549582

Download Submit
C:\MintOD\optidevsys.exe

Filesize
4.1MB

MD5
5974ba1298fc8b4bc2394efd7383079f

SHA1
76dd3ca8ea108a5aa2d5c77d385e79057afd73a6

SHA256
aa9d0bb858a1b029582fa43f867436703a96cf510028783447bf47e56a958280

SHA512
f5475def1fd790e12ada256fa6ae9ecb422aca1e08fc8dc9eaa7d4e32faa5d387fa5e2af54a4e9b730619f730deaa43d5b1137138426fb779b95c7c532a336b9

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
203B

MD5
62d4511426316ea88e0f41a7146b8159

SHA1
38079ca6889a9d329130c4503e803d7b3350b50c

SHA256
2edfda285be78b3be43edad993a15799b433d18f8ce2311d0bc9a3902685eac2

SHA512
7a35cb50d0ea00691c1f7cdedc3c611afbe75daa251f6b5d8810464b71105b120de14276b3b540697dd3aafc525ae69213d334c6947caa47fe3f00b3b8e305d3

Download Submit