Overview

overview

7

Static

static

3

e501c56913...cs.exe

windows7-x64

7

e501c56913...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e501c569136c26be41c69e6f059abc20_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    e501c569136c26be41c69e6f059abc20

  • SHA1

    8f1e0b52f4676326c829aa20e745f217a94b11e2

  • SHA256

    ef239bcf65c1d9dbd161b29258dd0e199a0c7b0e69391e58d34c9d53e20f4653

  • SHA512

    ed1e08cdb39faa0dd0f54e8e0ab68862b93e621db129750c7ad0a7f09eda33a5606953cf5b5e9f8fea84aa4b2ee6c057d4d213fba9e7abf93e9b4410c592e350

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpz4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmI5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e501c569136c26be41c69e6f059abc20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e501c569136c26be41c69e6f059abc20_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\FilesIF\xdobec.exe
      C:\FilesIF\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1300

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Mint3P\bodxsys.exe
    Filesize

    4.1MB

    MD5

    33e39165e0c39c2500e769c498738fbd

    SHA1

    24d1503b3ae38b303deb2479f15c52e7ac39e20e

    SHA256

    d0de7bb9d10f4ea8006ef8545fff19828f709fadf51e46f1f09333042c95a9a1

    SHA512

    ac4dc6c2f0a6314e1067949f423d3f312e58c939ecc27a94955a93493722f6e91ccc8369b90e5bcf92987d115846008eeb84301ee8bee65aaa7614fc5cb74918

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    199B

    MD5

    ade152b4ba44a63d0614584c98e4f3dd

    SHA1

    e77547ba0d4fe52a006307ade632d32cdae07adf

    SHA256

    6d15bba21e57d533751f8f5f1e18f87f8e80f6bdc3f450696b2ad01fd96fd3c0

    SHA512

    5e38a4fa31244830a66d30bba63fb97d3b2b629a263d52d446588aa19a83cdcdea91d7c717ae36ac1ae25e5a8feb4d162ae6bff28e0ad9c60c305eab900f11ae

    Download Submit

  • \FilesIF\xdobec.exe
    Filesize

    4.1MB

    MD5

    b897c444f233086be0974d9e16f7cf35

    SHA1

    16beaa383c322a9e6ecd3e44ca8d599b98a8fb8d

    SHA256

    fd09124bfde15fe433c86a6551186edfde146dfb1f1d3a74779a1aebb47f5408

    SHA512

    6c184b876b0e02d2c0835da3a32ee5dad3b4c753cc79e3d1e7f226123d3975bf3603732e07fde6f690251c838406b2b16d6f5d476b03b5717d06e2efb1d5b6eb

    Download Submit