340cb5d5c4cf1b0a755ca0013d069ab7c8c225ff31bd8b56d026a35628fbb66f

Analysis

max time kernel
137s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
Size

5.1MB
MD5

95895daf8ca19a671ebeab9d7b254710
SHA1

1e7c6d97bc5dabed02abc4839b5059f4ea2ae909
SHA256

340cb5d5c4cf1b0a755ca0013d069ab7c8c225ff31bd8b56d026a35628fbb66f
SHA512

47a6e1348fc4b28187bfc44d3f914206e2a51dfb3dd293d6299a04226a81ebfd45d33aa8d34e75bc956c1b5f9e9be1c113ae1f7a01eba940f332c78cdde4b005
SSDEEP

98304:1eNboDNNC2vRtOGITQ2V2K93oI7XdoIHGj8kQv+3Ts2BO2np5x4+LBkGXO:oNboD/C2ptOG6Q2V2KpoI7XdoIHGj8k6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
2868	95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4168 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Bitcoin\addr.dat

Filesize
32KB

MD5
f3040e07c0522b7da89e4934e7dbdbf4

SHA1
82895b97ba2e4ddb3cc0dc50c69f00a94b241bc5

SHA256
8e006971095637fcc4de71076f9a4310ad0930f2c9f0f6fe9ec7856c2f16920c

SHA512
e825ef25e3da8efc9c0d4d8580d57bb32c53f33369ff12a2ff5e62aeca781ec4eabc5fd7df9bdc42c8a170d844d33649d1a40d5da28a0f73c7ccfba36449a650

Download Submit
C:\Users\Admin\AppData\Roaming\Bitcoin\blkindex.dat

Filesize
32KB

MD5
a28ca0050db70e73a57826a33c2b320e

SHA1
de10affac3fcc045204ee58a1a493a33de83bba2

SHA256
97235442302ee268ec397b9749a9940b537d541b6f1da767643cda1a5dac54df

SHA512
4230bd3850dea46561897da41c5ddf069fd4943b26ddeb992de888dc3d4f330ef2d80dfcd7878b1c2ab67652b3146dea49cc5d46fdf5ff520b7ab3bcd4fb0689

Download Submit
C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat

Filesize
32KB

MD5
d7c840d358701019c6e9ad557094de70

SHA1
4b2e125ca9baae9f786f645ea7b5f071cb9cb70e

SHA256
8a5e73b9a082296b4bb1598177d09e6f3040309da43ebe4aed93f8999fd8c2c0

SHA512
29f9ae7ab26d2d7cdc4766c70834ce7e9febe339ef0259d11810f2fd37122aa752602221928fee67608f6c2c37d42b098a993f71a447ca790ec7d3414154e39d

Download Submit
C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat

Filesize
32KB

MD5
a6c29bca7d014bc20d21f23ca3793d4d

SHA1
397a00840b3bcae9bad1135e952c04f600f8d082

SHA256
8677d968c18466fd2d373d9ce92cc42c3d28abf7c02c31b89283ea1f81773a90

SHA512
7333cfad1b686b52e256805c51f61faf141bccd02e5a6f4c5b285f56cc3ab1822808443b6f65b828e0abb7b6b54056311142aba228343609642631e6ae1013ac

Download Submit
C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat

Filesize
80KB

MD5
a71ac49361124cd3deef99cb1540e012

SHA1
102d21f5ff11243d6a0c257b96058b82f83c0740

SHA256
3d9d2f5e824efe1a0dc0c67cfd18f40666a483a7b5032e6f025652b3c83d7a54

SHA512
6b2ff5edb20f4e1d93f99a03a23e19a5676aae1d448d7be8e14563c87af8c00e3af5eac41efb1e688e082d004c7ea34a652d7895d23d3f5d00905e06551ac1fa

Download Submit
memory/2868-11-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download
memory/2868-28-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download
memory/2868-0-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download
memory/2868-34-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download
memory/2868-36-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download
memory/2868-2-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download
memory/2868-1-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download
memory/2868-66-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download