Analysis

  • max time kernel: 150s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 13/05/2024, 10:38

General

  • Target: b3002a49c930e4095fd31ff31a4fbc80_NeikiAnalytics.exe
  • Size: 135KB
  • MD5: b3002a49c930e4095fd31ff31a4fbc80
  • SHA1: 6c77334a6cc4c88fe2ce4b70c7495b1453e286ed
  • SHA256: 406b2d75f880dec47dbfbd6e454a8f026f5d26dcdcd6cd49d4652d76fe0e95c7
  • SHA512: ea4bd969096fb7f1b4ea97e81ca3dcda01eb0cf89c21044fb7a0b4edfaf623844105b360af0721a72db091b7d75ec528460f869b3233e0432638e229f8b9c50e
  • SSDEEP: 3072:dNQSeN8BqUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtV6:fQqoIDbByGPMsMP

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3002a49c930e4095fd31ff31a4fbc80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b3002a49c930e4095fd31ff31a4fbc80_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Users\Admin\muatoo.exe
      "C:\Users\Admin\muatoo.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2156

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\muatoo.exe
    Filesize: 135KB
    MD5: 7731ea52087a6ec813261fcdde94f909
    SHA1: 47bb674ce4517cabc163f02ea0f56be7d0d2cc7c
    SHA256: ef4072db5f617390d494bdadc1f994bb1bc088eacd1d380b8bd3fe1d893ae157
    SHA512: 8ac5187dc9cd5773a1341994c952a68717002f79bf41f24171df4d4b3d24e1533eb7d21789deec18fb515fe931e8b356151b14b8c5f407d091f4333acb7a84ed
  • memory/2156-22-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize: 168KB
  • memory/2924-0-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize: 168KB
  • memory/2924-14-0x0000000003790000-0x00000000037BA000-memory.dmp
    Filesize: 168KB
  • memory/2924-13-0x0000000003790000-0x00000000037BA000-memory.dmp
    Filesize: 168KB
  • memory/2924-19-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize: 168KB
  • memory/2924-20-0x0000000003790000-0x00000000037BA000-memory.dmp
    Filesize: 168KB
  • memory/2924-21-0x0000000003790000-0x00000000037BA000-memory.dmp
    Filesize: 168KB