Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 10/05/2024, 12:04
Static task: static1
Behavioral task: behavioral1
- Sample: daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
- Size: 289KB
- MD5: daa0dcfa7fd4104a26897fef6ca0bf90
- SHA1: bb8177e1de4cf85bc8827547d8e5ac6f41e271b2
- SHA256: 8e8bb101a5d4fa20b6c48d965827ff065125639ce6433105b81402cdf8e872a4
- SHA512: b084c031d032f1d547f7783f8bd4553a7bb44e89029a6e8419160b1bd9e04f5e06bfbc2640b545a1766c3ba925916b06498d5676d6f770f59ac043670e2225f8
- SSDEEP: 6144:gblyesukYZdvrniRfBgM1HSk03Ck4YukECzJLaQVbU5:gJ7Z5rnIHSk03Ck7uklJLJbU5
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2652, Process HPDGO.exe
- Loads dropped DLL (2 IoCs)
  pid 2556, Process cmd.exe
  pid 2556, Process cmd.exe
- Drops file in Windows directory (3 IoCs)
  File opened for modification: C:\windows\system\HPDGO.exe (Process: daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe)
  File created: C:\windows\system\HPDGO.exe.bat (Process: daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe)
  File created: C:\windows\system\HPDGO.exe (Process: daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 1680, Process daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
  pid 2652, Process HPDGO.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid 1680, Process daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
  pid 1680, Process daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
  pid 2652, Process HPDGO.exe
  pid 2652, Process HPDGO.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 1680 wrote to memory of 2556 | 1680 | daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe | 28
  PID 1680 wrote to memory of 2556 | 1680 | daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe | 28
  PID 1680 wrote to memory of 2556 | 1680 | daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe | 28
  PID 1680 wrote to memory of 2556 | 1680 | daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe | 28
  PID 2556 wrote to memory of 2652 | 2556 | cmd.exe | 30
  PID 2556 wrote to memory of 2652 | 2556 | cmd.exe | 30
  PID 2556 wrote to memory of 2652 | 2556 | cmd.exe | 30
  PID 2556 wrote to memory of 2652 | 2556 | cmd.exe | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe"
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1680
  - C:\Windows\SysWOW64\cmd.exe (depth 2)
    Command line: cmd /c ""C:\windows\system\HPDGO.exe.bat" "
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID: 2556
    - C:\windows\system\HPDGO.exe (depth 3)
      Command line: C:\windows\system\HPDGO.exe
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
      PID: 2652
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 70B
  MD5: 3c7c9d63f5880e69ad03c24566ce6cc3
  SHA1: a0165183d514fe77536db86dd4360775fb55a01b
  SHA256: 55570d942f2aaa56aa020b6190411d5b4486b39f0ce89495885cca171df90c01
  SHA512: 51f50a62852d5dec58f89d3b105cb5cee63583891c68d68f88832f8703730fe07af4cb1544a204b17cd1fe973277e68e8d0b659ecb2d0f438cc8fbe4ac645397
- Filesize: 289KB
  MD5: 4f35967ee25d60c7ddd9d7f14d2c7271
  SHA1: 0f4837e5c98571e0c72e30b633f180d6cd5d37ab
  SHA256: 0a73cce350b6604bcb1f28cf2517ff3461b2c949ed50233ff45c45d77c119a44
  SHA512: be071ac15bf884afe6213a33f33a987fde84976d3fbc9159e3c1b94079358cc8887cfe4f1930e2ad42d5f970cac0d4d55cbd4683c81a58d349b90bfe15dda6f0