7cb64ffbddfb978413ba1b6ba1acbc70fd82ca74fb6630bc51de60fc89a516c1

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11f1968028762ac8d87e8c89fe545de0_NeikiAnalytics.exe
Size

464KB
MD5

11f1968028762ac8d87e8c89fe545de0
SHA1

9b707ba2380e8a98e2042b174140c77497d7f7a3
SHA256

7cb64ffbddfb978413ba1b6ba1acbc70fd82ca74fb6630bc51de60fc89a516c1
SHA512

297faf25472323b3ef2262df9de73c34627295b55b8f33d5deecee9dbbaace440787f06eddce234986beb844672b7827ccc6081bd88fe6f2a807c005290411d5
SSDEEP

6144:+x6iVRLGDZLdHbTLvSAuYC27NkoTD/Eyf/To1ysI5uw7+WJz6lyqp3U+iyPmyQC7:8F6v73qbL2vnTowJ6Vh+yPQ7rfcFT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421875343"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000b0327093c2346ce66fd6bf5f8230b01b3da3873575ea35cd6847ea307e109662000000000e800000000200002000000028a706d5ca6106f898c18244dc248e5a03c88e7cb992805f9c3dbf18f507d0f5200000001ca9bed6e65e50ab5a8bae6250070f307f4ba2b6e0e4addc69486b991f5120e84000000024da08eaedb67a0a4d9fe8de20f4b056f9451ecd668730d1d4adc0e1e595fc1ff187c9f3d67b31c88006ca9185e05297bea167b0b7f2094a05ae7c7d0ecafe35	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10267da231a6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000007a14a103e7a3fbfff86fd04d6ebf7f24d78842f8544840168e60a9b24e6a2a26000000000e80000000020000200000002596078e3b18211e42b2b6d3b28e9b537a47ccf821ca2ed55113917d95a51f0a90000000998a4eb8176c3b6da1deeefda539cf1ab6b8a149426460e1cea40df17d864e9979d04c3750cc208b364621cb3db235d3c43eb5ef91618b06c760a2069c5a2eb1486b4c8d3e7814d6c9d503ce292fba59e07b0c3016c3bd5b667f4988451df19d2595ef8f686b6f3acc6318f784cb93c7181fc20a0ee083baaac0064956c1557afe1449499a3242b16f1a68f90a219dda4000000024ca83973bc34a3364643ce9a175ecee816532efe727ac224913d0c678b446d989a93068a2db7421380c260174f91ca864e8349526c920f402a1828b8b44ecb2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CDDD3661-1224-11EF-85C1-E69D59618A5A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1616	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1616	iexplore.exe
1616	iexplore.exe
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 1616	2888	11f1968028762ac8d87e8c89fe545de0_NeikiAnalytics.exe	28
PID 2888 wrote to memory of 1616	2888	11f1968028762ac8d87e8c89fe545de0_NeikiAnalytics.exe	28
PID 2888 wrote to memory of 1616	2888	11f1968028762ac8d87e8c89fe545de0_NeikiAnalytics.exe	28
PID 2888 wrote to memory of 1616	2888	11f1968028762ac8d87e8c89fe545de0_NeikiAnalytics.exe	28
PID 1616 wrote to memory of 3044	1616	iexplore.exe	29
PID 1616 wrote to memory of 3044	1616	iexplore.exe	29
PID 1616 wrote to memory of 3044	1616	iexplore.exe	29
PID 1616 wrote to memory of 3044	1616	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\11f1968028762ac8d87e8c89fe545de0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\11f1968028762ac8d87e8c89fe545de0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cbsupermarket.com/fun & entertainment/novels & ebooks/bead-beads-book-beading.htm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1616
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f100ad17c6a69118298140138c56acad

SHA1
847d9a5021a8fc49104541d1b98d79a7ae85d339

SHA256
0752d4980c64dee1f26a4bf59c6caa119e25af921394a59f8f64e2875ae98acb

SHA512
72e1ce956d23b55962438b52d8a9fd6cd1e7ef9cda0bb19ceda57876d372f12a20f44d3e3cb83dba4cfcb71f22b3f42435bc87498477f3665925846e4c4f2b3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
376186d1cfa77d60e661d88fc1df9ebd

SHA1
6f51ef1ba98ead9d163849e2313ec82839bb88de

SHA256
7c89e3605829c34b6c606290ffe41813e7550f476de627cec54dbfa28579986c

SHA512
6e9cbb2fcfe8fea4284dc8c9565f1b4bb151449043e2b60d782171cdd951495558a5d3b7ae31cef0b099e0cb9aa6db39bf503c3ec1a6c78bf14a5ccb1935817c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7b684ec6519e3a7a5678c415e909e79

SHA1
6332cc4fbdbcfe89c71c919e5c1ecf1b8730a2fd

SHA256
2684ae0da09ac0ed74afe57a6d494442fe0824a822e132814e26367162eb95ff

SHA512
40e44ed1d7de0ad80625014c12c5eea8c7bed20740b3d779b40509502f1f90dcf6c75264450cb59936ed1fa9383741efc2d15e97c24d542df0c7e47dbe08c4f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
becf445b8041e9fd9013bbcee814deab

SHA1
22b960921c924ccfa22f90aeab9470abfa06e03a

SHA256
caed494bcc887b17b2eea776e2860ea27bcb8ca1af91772be5d6f27581890070

SHA512
b3e2b562d3f9d549f7b037ecb088a7b1f06cc1e735b33ef7499ea5ff35d356fc8c6daf8ccfbcd33603c1c28b8494841f30a0c60e49b906df7eceea0ab3d14646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4472720be7ed2685570d4522e47f009f

SHA1
b4f6485b29b53e803e500efa801f19ee148a4e53

SHA256
8d1b04d199abc1bc62763e4596dbfd1b947b0984985c308f36af06cf8b83f599

SHA512
78806c0bd58f168188fb2fba4e1a77a96801f5a806c5a467e93173bffae8658a2479b077272d6bac7ec25c7f50debab5358b5e904e808b1efe1e7f7e977599b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
093ad92278c5f3e8ffdeeda942df80c1

SHA1
84101d8df365fc9f04bf53438fb6b474eda27605

SHA256
5f61c770569873a77254d5be5a8732baa39311987fee17b8341e942ac7e868b0

SHA512
44fd72af7ded2926abb9656a31578bc50a6cc5607bd2907bc65f7087fb3f4de37e9e95b3b08f30a9feb7772bfb61687714dcc842457104200c7994d0dc90f223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9d19156db1eb9d1797fd284ef8d1194

SHA1
803f4d49f71497780a8403452a8cffdae16ff9c5

SHA256
1103a5bac2bb627d137c2eb06e43d33625f851bf76750042c388f66018f133e2

SHA512
dd2e6ff72c861989de22dc99de43bdcb0242397e6421887bafe34c501987146dd398734e6d6a4374dbbbbc3dbe347c90f57a08e6c22a147f7b421a4a48ec35ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8b7c0b62e76f87b907267ad80da8168

SHA1
84b21be76d8fa562018ef5d505dedd5f9ba2fa39

SHA256
25a66fcb5b354e51ce074822f271095ef2517bed513cd04c658c2a05aafb4b71

SHA512
2eb542ab1cfe01339be24392e7c84e775faf73b367d80961177de52926362bbc37e8b82f9cff71e959b47ed45aab2f85e94ef1d097b72c28ed812430bdf981af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9303ec859fcc1a2b2e99e2fefcb44671

SHA1
1fa3d31888e88f8ffbf2309cdd97cc798af2c20e

SHA256
2c73504970c542ef6fa86c32dd1e7d63f033ae28520c0b8b8e7edbe67fd87fde

SHA512
22568c0705488d9580d0ff7093c6077e752da3d8ad9b524cb3449bb456111d0fb7381ad3df80f0f4d0f7d4e5b26a240ab3a72c7c2c1adad4f438f10e01805a4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ea35934ac0577ed88796b82a8bf030e

SHA1
b4fedf8b590ed10c0aba5cb2a4b4f1105a67a0b0

SHA256
84b38606c91d1397832d1a779400ca51b6b32f9cf33d9244857ce322c570d918

SHA512
0e1b73654204f75412b0dac54e88061679da034d7cba3c203ca75354908206ff4d89841a96026166dbfa405baa5e2edf2f90122bd8a42569c63251259cadd465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c6a0c7e290073055211825789788375

SHA1
1b31344cc44e642180f582ac3b943cddad5e0df0

SHA256
c9d719469191a788e96b67c376d541e07f850e1e3511c497e0c5c0952b47b0db

SHA512
f3ebe6386a2927a7b5864a523abbb8345a408ddd046b9673873f2b66f9b9bf7a7445eca906efbaf5b1aa4be6fbafbc127425b95127892705725503a59548363d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fa74a1691defe5be3979a41e959d1ea

SHA1
d0d436667d78c29a113cfa891504189669cd5a42

SHA256
7ba04b132c10bc5a5f99c60f00d2bd3c8ab42d6c2e755d8d74b59f3e6e827b8e

SHA512
ffc30bd8f1ea81abe9f4bbd1cd268c4a0ac3c472cc7d96d1d30d969c1d0195cd6c07e666cac47834c3408846adac10f9e8b1f158ad4c970872ee8556e4c1c545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12bf535c826c448744053127b9d1d29f

SHA1
78accd2ca9d9382e96d7c9832b5f0479b98271b8

SHA256
8474fc9857a99b660f718205f03709a7154d3b91274d2d2660ebccedf77e5171

SHA512
3da5b7a13c3ba3e7fd27fd5931ca2e78297a338449be8af2bafeed5ab1780a29826ed246e9ca7af14ce9ebdd2695d1af8a50be75c9f95f1a16444bf09a146f60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3aa69f77804c6ef5902aa351c0c4f83b

SHA1
185637392306f4a21f9ad5b6310965ce3d981dd7

SHA256
1c5f5f211f00190f4a42918dec2e21f39c5c5f76bc2310737c42bea9b9ec6572

SHA512
bfe527c239a2acea7607a55e2f8d0893e6391575f0d4e76c3c90d4d0e3b9ad5f5f6ee3f047bbfb92195ec7042151635ffe77ed3257528c279c5497523b0ac2f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c08148704e54dfead54d75a571b7ca2

SHA1
05aa43946cbdf23452142bec55aa0a1b5b81c444

SHA256
b38251b61a724329bf4d4fc4cbd842b9594432beee99f8f926fee60fc20eaea4

SHA512
9465d8d711e61f529a6f74a2bef09be0715e28f5fa5792128a6ee1f6e0a974f00ebe26da5b172867cbec82a897b093c0ec56344ed5bbd205c0c65cfb71523486

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7d23854ad74da6285abf5d13715b0f5

SHA1
294e17ce6323eba2f0fd2317b362ff0eff34b4d1

SHA256
a9a577aa480dfc605805e694853c2facd3b58f60704ac51362d5003ce930be6b

SHA512
aac89e73038a33122a112afb7251feb34599dfff0f8bb62ab2df6ac2e1e4aa2b43e145c077ebc2b836514a3c1797f6b71075ac3ca29210975bd14406825ebc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2DB8.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E18.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/2888-3-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2888-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download