455b2c2e3e7f5b0564cdd9da94dfc0e5b9929daae89572419933404983cdeabb

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
Size

2.7MB
MD5

19818b7173f51bc9efac4fe9d6203f70
SHA1

f4c11e36a40cc8fc2088cb4546778577d585dbe4
SHA256

455b2c2e3e7f5b0564cdd9da94dfc0e5b9929daae89572419933404983cdeabb
SHA512

3be05ad2866b9f8f8e49497a954959020e213528e55e31f03523304eddc7aa9d80e59558b6fa5f811c93937f052da5000bb29881e46aaf43a3959cb6adebed75
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBE9w4Sx:+R0pI/IQlUoMPdmpSpm4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2932	abodec.exe

Loads dropped DLL 1 IoCs

pid	Process
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrv18\\abodec.exe"	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZEF\\optidevec.exe"	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
2932	abodec.exe
2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2932	2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe	28
PID 2252 wrote to memory of 2932	2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe	28
PID 2252 wrote to memory of 2932	2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe	28
PID 2252 wrote to memory of 2932	2252	19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\19818b7173f51bc9efac4fe9d6203f70_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2252
- C:\SysDrv18\abodec.exe
  C:\SysDrv18\abodec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LabZEF\optidevec.exe

Filesize
2.7MB

MD5
d49d454ef4ec1abb6f3f79a39ab7d845

SHA1
7b7f48474dc2d099f7955f2644d1e42b8b2421e4

SHA256
4cd423f3a54f2e6b17e24ace5841c8ba8d2b02b348f3c716eeae99e3259605ce

SHA512
037eca5195a429c773d97cac761f9908ccc669b9a44e7601700a764035b73cd3a2b66b8e6fde5730a271542dbb776f7136350e3291fbc702cc82a661ae43b8db

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
202B

MD5
d458f0669af0cea1eed79991cca045d4

SHA1
91251d64831012ced8315b8211f33d8095b1afce

SHA256
140d71189d4db87b5753a801826539a24f9947767a1c34ff94be2e7e0cc946d0

SHA512
e05f6953fba756418f9598a2dd74a1435b798b2680e401ce35f9f7c15394ea7fac893ae75a47ea3ec7168673e41158d16cb9a2ac59f69c636b4f985163c2c43d

Download Submit
\SysDrv18\abodec.exe

Filesize
2.7MB

MD5
f1ba9f20d0406c47255710f5dc8f76d0

SHA1
201d9a90d2f2c031cdf1c08c2b2d6ee6905335d6

SHA256
7e6afcc83a941ec30983a7a88ea8175986558e0f766b05b9903f3a92fb48506f

SHA512
773ef98715a7da58fcda802b227715bafa130f17c5540f95798565df1e1e9b392035639d86fde3e5e318ca32dc3c4426ce82d6f2107905a1bd9d12c28b4e8934

Download Submit