d8e63687c9b3f3754d31656365f63689174887fb47c01016ffb8017e3167efb3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
Size

2.7MB
MD5

a621c91df7d84f9eebcc11495cfc73a0
SHA1

bd0ce59e9f655ca610c8a767f320b11873854328
SHA256

d8e63687c9b3f3754d31656365f63689174887fb47c01016ffb8017e3167efb3
SHA512

5fa15b6c611f482c8bd9146da2e8342602df3b772e6e26a07e4426e62edfc8ae199280f1abae1ccf74236b77a3753c1fc2cca4f02c16ad1e76a7207535282ac1
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBD9w4Sx:+R0pI/IQlUoMPdmpSpH4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1540	xoptiec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintXE\\optiaec.exe"	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotWP\\xoptiec.exe"	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
1540	xoptiec.exe
1540	xoptiec.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 1540	3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe	87
PID 3884 wrote to memory of 1540	3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe	87
PID 3884 wrote to memory of 1540	3884	a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe	87

C:\Users\Admin\AppData\Local\Temp\a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a621c91df7d84f9eebcc11495cfc73a0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3884
- C:\UserDotWP\xoptiec.exe
  C:\UserDotWP\xoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MintXE\optiaec.exe

Filesize
1.9MB

MD5
d8b10352733472a95c56bf881bde37bf

SHA1
8b913104f29cfa21ac31536272a4f65c7692cfc2

SHA256
2fd5844d85a89ad6c446fbd4d74388a9cf50fc81a3ec636cedf7c33b571d1fee

SHA512
d88bf74c37110f0c9d90e4a1bae214d6faa40cbc8aa0a082c030d242396d153762b7d2d85928ab11f75b4ab46424548bc2580f65ff508c0a346fb6b8e7574dca

Download Submit
C:\UserDotWP\xoptiec.exe

Filesize
2.7MB

MD5
284a4ecb3f26fe30c96b87181d279cb3

SHA1
c34b136c5fca179bb17be2a3b0ebaba1b7acb349

SHA256
5cdeda54d5af2c5a628f7a3f69edbcd59de6908240176ed22cd0887ad11a7667

SHA512
6362cdfebe88c181663d2037fc9e436d7aff8f9e502acd4da7ddc9a0d0ec0576219db712f46d822cb0f32ad71d8d6c144857c37b4e46442baffcdefb66307c54

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
202B

MD5
c4bf1dd630cb8635f45ed57bfb28005e

SHA1
feafc587feeb927772364856e5d198029f366fdb

SHA256
a6db73d86981345e7d4bde3ef61c5cab5b64c8e01d3dcfadb8b46d7e961ff7a4

SHA512
9493913f6e2d3b833e6355673755c98fc62138e6a31c2535062b0ba5503bb5aab5682a6e263ed07c7fb71e82090c698522d90fc2055cd612f185421cbee92d3b

Download Submit