Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/05/2024, 04:35

General

  • Target
    6b0f0765b9b3b2e1b044750168f9efa0_NeikiAnalytics.exe
  • Size
    2.7MB
  • MD5
    6b0f0765b9b3b2e1b044750168f9efa0
  • SHA1
    ba7a7d4241525db39d6a33612b876d24a13e28e4
  • SHA256
    a4a5b5398e121c73066425c267702add3bb4d41833f827ea59962d75a7b1f1fc
  • SHA512
    edcf17b90949cc56873c3f6cb7cf8d49b097d9c632432060578ec815fb1344d08984fee64bd7837f7e6bfade7a0155ac4ecedc7e079af7fbcac2e38e0828e9fc
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBs9w4Sx:+R0pI/IQlUoMPdmpSpm4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b0f0765b9b3b2e1b044750168f9efa0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b0f0765b9b3b2e1b044750168f9efa0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\UserDot18\aoptiec.exe
      C:\UserDot18\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxCP\dobaec.exe
    Filesize: 10KB
    MD5: 8bb03f5eb2cd8f96453b68599a551494
    SHA1: ba5f909ff201acda0b64888d016ac41ca08ef328
    SHA256: db1d248f9bdf4f80c067cff30406d63dad0e7c4f5c8bed10fc2344a50f02f530
    SHA512: d0d6dbdfad35e6a999154b9765d2dba5c85e8f8b3c2d0f6dc5ab34dfdd1a58b811591c20358170d3e747cb5948a80b8ad67e3240748079482b7a2a28b84d9ac7

  • C:\GalaxCP\dobaec.exe
    Filesize: 2.7MB
    MD5: 7e5c2e97fe7238b818ee6f65c172fb6c
    SHA1: 6c1054f03303b567284443027dba23cc9ff475ee
    SHA256: e61c1dbb4ae04feceaa9d3c1502521f4129bdb29c60a9fa1275eed9c58970a19
    SHA512: fceb41c442f7c702f6f61630a4f593d1ef43673d712585a5b723a7ddad82855043168375aa59ff491c67518c88fb642aa0e7a78fbd41d3cc83bc95d03de7c1ae

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 203B
    MD5: e8ac39fb68d5d581c87b44d0d8671790
    SHA1: 6ee15f51d2b94b1349fcde23ac71f35cc27b5219
    SHA256: 26f038ee2da6fbd7c364600600a37ceb3e479c5eb2adbb8f44ed70540149a434
    SHA512: 234805f231da770e9dfd5ef4a42d7216058edc990e183f1240e7a8ec321dec9c7297f37e2d8c01c46c9c8e9546e9224afb1e1e491153afd472008adb93c91d6e

  • \UserDot18\aoptiec.exe
    Filesize: 2.7MB
    MD5: 04b99d6aa89ff6c60f49a5c05f00cf7a
    SHA1: bb04f75882ea9b48ab087a09a531bc9e6a99f7cf
    SHA256: dcd6ed9e4d91a34f23cdceb2b39c24528a0c1535cdb6e4fb2b3dc640f0e7a943
    SHA512: a9e02d6386292f8ac54647a680850a8fed6a1f0c83c72d651c47f267ceee20b4c555a215ae8847ebb39cc1d97503a32537951ce507f25b1289de53a499513c5c