44a02bc5d9ad7e0e9b75115811bfb8b6fd7fbf13beee845d66c7e6696751056c

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cbe28d91b5e6a4824bba674459a4100_NeikiAnalytics.exe
Size

126KB
MD5

4cbe28d91b5e6a4824bba674459a4100
SHA1

c66a0f43fde9c30ef041dae0e72637fa0acfffa0
SHA256

44a02bc5d9ad7e0e9b75115811bfb8b6fd7fbf13beee845d66c7e6696751056c
SHA512

f97477efa545e98d380fd6db2af7ebc5bd90a6291993bbd0c67b49cfa15498bedd9ee17e2ef9c554d79e12ef37ee342a20f0927135c436ca6cd89f1b44680d3a
SSDEEP

1536:o1amlWVgnVvh71ZxPFyblsmpideum5CnoKuKiROHwCS5A3MIePWJXtgo5b81cY4L:8zlWyhDybme9CnzIOa5zIeuVbub/A

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2868	ykjyebb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ykjyebb.exe	4cbe28d91b5e6a4824bba674459a4100_NeikiAnalytics.exe
File created	C:\PROGRA~3\Mozilla\pjitnjk.dll	ykjyebb.exe

C:\Users\Admin\AppData\Local\Temp\4cbe28d91b5e6a4824bba674459a4100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4cbe28d91b5e6a4824bba674459a4100_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3208

C:\PROGRA~3\Mozilla\ykjyebb.exe
C:\PROGRA~3\Mozilla\ykjyebb.exe -aryugnm
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\ykjyebb.exe

Filesize
126KB

MD5
c189a024e341bf5e1c25e3004649b396

SHA1
59a407fbbc952d0e982cc661bf2d08e637554373

SHA256
a28f61c001b32d52221fcfdf73a3c11e135f5512fcb9bbb2ce84dbe7988dc00b

SHA512
555ddfa50b7770abad3780c40a94299bd55ee3602acba0af0305b271c4a0fda85e19b3bde7adfaa112bf9e2debbb60e123793617f02e0b41ebc8a64bc429d22c

Download Submit
memory/2868-9-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2868-11-0x0000000000E30000-0x0000000000E8B000-memory.dmp

Filesize
364KB

Download
memory/3208-0-0x0000000000401000-0x0000000000403000-memory.dmp

Filesize
8KB

Download
memory/3208-1-0x0000000000690000-0x00000000006EB000-memory.dmp

Filesize
364KB

Download
memory/3208-10-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download