8e8bb101a5d4fa20b6c48d965827ff065125639ce6433105b81402cdf8e872a4

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 12:04

Target

daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
Size

289KB
MD5

daa0dcfa7fd4104a26897fef6ca0bf90
SHA1

bb8177e1de4cf85bc8827547d8e5ac6f41e271b2
SHA256

8e8bb101a5d4fa20b6c48d965827ff065125639ce6433105b81402cdf8e872a4
SHA512

b084c031d032f1d547f7783f8bd4553a7bb44e89029a6e8419160b1bd9e04f5e06bfbc2640b545a1766c3ba925916b06498d5676d6f770f59ac043670e2225f8
SSDEEP

6144:gblyesukYZdvrniRfBgM1HSk03Ck4YukECzJLaQVbU5:gJ7Z5rnIHSk03Ck7uklJLJbU5

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2652	HPDGO.exe

Loads dropped DLL 2 IoCs

pid	Process
2556	cmd.exe
2556	cmd.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\windows\system\HPDGO.exe	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
File created	C:\windows\system\HPDGO.exe.bat	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
File created	C:\windows\system\HPDGO.exe	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1680	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
2652	HPDGO.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1680	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
1680	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
2652	HPDGO.exe
2652	HPDGO.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2556	1680	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe	28
PID 1680 wrote to memory of 2556	1680	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe	28
PID 1680 wrote to memory of 2556	1680	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe	28
PID 1680 wrote to memory of 2556	1680	daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe	28
PID 2556 wrote to memory of 2652	2556	cmd.exe	30
PID 2556 wrote to memory of 2652	2556	cmd.exe	30
PID 2556 wrote to memory of 2652	2556	cmd.exe	30
PID 2556 wrote to memory of 2652	2556	cmd.exe	30

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Windows\system\HPDGO.exe.bat

Filesize
70B

MD5
3c7c9d63f5880e69ad03c24566ce6cc3

SHA1
a0165183d514fe77536db86dd4360775fb55a01b

SHA256
55570d942f2aaa56aa020b6190411d5b4486b39f0ce89495885cca171df90c01

SHA512
51f50a62852d5dec58f89d3b105cb5cee63583891c68d68f88832f8703730fe07af4cb1544a204b17cd1fe973277e68e8d0b659ecb2d0f438cc8fbe4ac645397

Download Submit
\Windows\system\HPDGO.exe

Filesize
289KB

MD5
4f35967ee25d60c7ddd9d7f14d2c7271

SHA1
0f4837e5c98571e0c72e30b633f180d6cd5d37ab

SHA256
0a73cce350b6604bcb1f28cf2517ff3461b2c949ed50233ff45c45d77c119a44

SHA512
be071ac15bf884afe6213a33f33a987fde84976d3fbc9159e3c1b94079358cc8887cfe4f1930e2ad42d5f970cac0d4d55cbd4683c81a58d349b90bfe15dda6f0

Download Submit
memory/1680-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1680-12-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2652-18-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2652-19-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download