c7c12915d80d0544902ff399e8aef3fe4e0c5e944ae6325e1df5cecdd678e6e6

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe
Size

32KB
MD5

06a8db41dcd193bd777ebd5af0fb0ca0
SHA1

1407b60048ad024fa23c0d9fabf4fdb2478722e0
SHA256

c7c12915d80d0544902ff399e8aef3fe4e0c5e944ae6325e1df5cecdd678e6e6
SHA512

9f33e4749ca1ff6d88a0d45c4d13fa1697e8ff33db5bd1245dbce9e19c449a757393f1730ab1c2d09fb45088f0361d654fd5d376527a0933d7b0b5623887a19a
SSDEEP

384:CU+fyyQ1KS0AC+1l91KldNAcZcrmFCxEF+67D3F4AjnqE:cyOE1wlo4crb67DF4A7qE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2992	opera_autoupdater.exe

Loads dropped DLL 4 IoCs

pid	Process
2784	06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe
2992	opera_autoupdater.exe
2992	opera_autoupdater.exe
2992	opera_autoupdater.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2992	2784	06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe	28
PID 2784 wrote to memory of 2992	2784	06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe	28
PID 2784 wrote to memory of 2992	2784	06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe	28
PID 2784 wrote to memory of 2992	2784	06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe	28
PID 2784 wrote to memory of 2992	2784	06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe	28
PID 2784 wrote to memory of 2992	2784	06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe	28
PID 2784 wrote to memory of 2992	2784	06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\06a8db41dcd193bd777ebd5af0fb0ca0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Users\Admin\AppData\Local\Temp\opera_autoupdater.exe
  "C:\Users\Admin\AppData\Local\Temp\opera_autoupdater.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\opera_autoupdater.exe

Filesize
32KB

MD5
425856e0e2c0489a2dde8af86940f80d

SHA1
a2bb84c8ad5e64b75367653b38e7fac9bfd85b66

SHA256
a53f788ada2ed8c63c3f81716a713e5c6dcee835ecd5df33ccefae64f6c9a6d1

SHA512
c11643d7f84ac3da16595802fab671c2ccffbad4150f9a38146b295b17a743261bf248701b81cd02c3787d041ef7ec6be3a7b50064e851a0c39e989c29a937d7

Download Submit
memory/2784-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2784-2-0x0000000000403000-0x0000000000404000-memory.dmp

Filesize
4KB

Download