Overview

overview

8

Static

static

3

d404314c19...cs.exe

windows7-x64

8

d404314c19...cs.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 13:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d404314c196de1d943faadeb6ee659d0_NeikiAnalytics.exe

  • Size

    83KB

  • MD5

    d404314c196de1d943faadeb6ee659d0

  • SHA1

    b23ecf7d18928b63212576c2746e3b1ab1a597b5

  • SHA256

    4ea8e153f35070be7d6cc4ecf5e7f511d86ddf5daeb3ff0c26c74803554d6211

  • SHA512

    33fd7ec2bc55a2ab32a0482d9ea48f07d68e0c855603e5ae60854ed451ad7e2b913cb92d7a1fe045d7ac655974787e7a13fbc2785c566d8255050c35f68ea5bd

  • SSDEEP

    1536:aXn1JYSnExFkcgKKjxfmqshiKW5Xs/iYQqQJtsWFcdfRMvb+xWeuHik:wE3x5KBDYiKWm/iSw0fRMvygeu

Score
8/10

Malware Config

Signatures

  • Manipulates Digital Signatures 1 TTPs 6 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Modifies registry class 21 IoCs
  • Modifies system certificate store 2 TTPs 9 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d404314c196de1d943faadeb6ee659d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d404314c196de1d943faadeb6ee659d0_NeikiAnalytics.exe"
    1⤵
    • Manipulates Digital Signatures
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:564

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/564-0-0x00007FFBF0A03000-0x00007FFBF0A05000-memory.dmp

          Filesize

          8KB

          Download

        • memory/564-1-0x00000233CD3C0000-0x00000233CD3C8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/564-2-0x00000233E7A20000-0x00000233E7BA6000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/564-3-0x00007FFBF0A00000-0x00007FFBF14C1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/564-4-0x00007FFBF0A00000-0x00007FFBF14C1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/564-5-0x00000233E7EA0000-0x00000233E7FA2000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/564-6-0x00007FFBF0A03000-0x00007FFBF0A05000-memory.dmp

          Filesize

          8KB

          Download

        • memory/564-9-0x00007FFBF0A00000-0x00007FFBF14C1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/564-10-0x00007FFBF0A00000-0x00007FFBF14C1000-memory.dmp

          Filesize

          10.8MB

          Download