Overview

overview

7

Static

static

3

121e83653c...cs.exe

windows7-x64

7

121e83653c...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-05-2024 18:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    121e83653cde87a952f3ed7a70a28e20_NeikiAnalytics.exe

  • Size

    1.3MB

  • MD5

    121e83653cde87a952f3ed7a70a28e20

  • SHA1

    3d8c4d4df93a8e6d7f7529c8c471bb64bc4c382f

  • SHA256

    f789f2f4e3cdd0f1b6cf7e756187039fbcac9ce53fc2b5f0c8686a758cda8694

  • SHA512

    d87ba0784e7b0e1c17b86d4f99820cfdb7e90637454edc9b5d6316c1c04cca127f5843f70c2fd4e2ceca28711b475c5109e1dacfb81cedceab54129d3dffa44f

  • SSDEEP

    12288:ifqp/SInr8vv2BDeT+bVYHTb3FRk/rMNxaXqqlPbJKTGv5DYFXOBnXREHa:2c/i328ab4F+rM/aXq6bJfBUam6

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 9 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\121e83653cde87a952f3ed7a70a28e20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\121e83653cde87a952f3ed7a70a28e20_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4108
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4828
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4804
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:1852
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2672
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3340
    • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1304
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:1496
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4192 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4128

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
        Filesize

        2.2MB

        MD5

        72bf69cef508f9c5401110fc95bb518d

        SHA1

        72e117b885d74380b4a0f698db1fc666688ada43

        SHA256

        fb1474cfa04f8a0c841bf446e3f4a78d6639fcf9a2a4ecd1d1a9e0e3bfdb91c0

        SHA512

        9a5d1fdbfc9e38a9a42d3a1eebb4db508879c96cf96c2fb24dbb3419df61337b9d57d4b4be8d9ad5547ae42bb32622d0078f1333df50506c39547f1c9fbc4913

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.5MB

        MD5

        07a18d30923dc501892bc0f53ad317e0

        SHA1

        1517541c7dc1f2cb44dbb17a4a74ed044f559ce5

        SHA256

        88bfb538dc74d6c601117796c7c75e6ce916fe98fa031549a5b67725d018fb41

        SHA512

        99229730fe505ee77203893e49f20edd6e608e76fe853fb1fa7113df6478fea3e5b1bf02e772e57e1e98d2df5dd2996b333129342444a9f219ccb4d299729ac5

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        d3897d58f4e6aaa20762108b2e53a999

        SHA1

        f8205520967adf696c1442beefd4f2880e92c4be

        SHA256

        402f9c00ae723195ae78dbc8e7384e0f60b7c18b2899e9da2668e532ca7b4832

        SHA512

        bdfe8580e9f672501e88270a3c1384298cbb21be8883d2e4ed6dcb5297f89c174433575646ddd8f6cb17488751a7e17445a84f861f2f1590ae02b1a73a79ad39

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        12e1dd514b6bfecc93f14a1ac32b9eec

        SHA1

        f83e1dd7ff3c4a3b529cb943182a8f0f8cfe117a

        SHA256

        2eef6bed7f6bd6e1df39d2f5e451f0259329f1bafca54f8f48b5b1c1b8990f7f

        SHA512

        3303a0ede814f877765969f97361a1cf5ead2ed233ab7f851de2c830e4bef31f9343aae0b1f41dfe5078dbd87b26f835f0693e7f52d86c77f16f92a06dd7edfa

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        b4f737d3073c71951103a5f89feddfc6

        SHA1

        d0c7d1bcb2c8158c7a9c6a15b8998307e74ee659

        SHA256

        610f0b2c178415781db829e7b852ca74767e700ce4db844cd2b4459cfe590f32

        SHA512

        de5d44b7180bfe3f53f6671a6a1dbf95afdf1b9b8b7fdf967f6691591e4ca20caeff3296b98a559e55756d5618bf6dbfcd7bdf19333ef81030b15a3396f1b6c8

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        c3b2b920b0e19040edf3b6691136a5f5

        SHA1

        065ced437ec6ec1f8d59f3128abbcf36d52b8424

        SHA256

        16b0494595d9df56aac115cdee8f03dc31abb91b148def1208ab674232c1ed22

        SHA512

        60783967cca543bf312ab1db4dc166d5b3c550f6377c69ca85e2a4e2e8f06fffa5f5caa279a54ce9ce06285a36483148829e13dcb426c1780955c0588d0c51f5

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        65e16b89447d498759141d82b3729298

        SHA1

        7ceb527897789b7bbd979f4d667820fa4d246a58

        SHA256

        bc4f15ae5dc938e8b967f4fd889a53a1e7d33d7d8df930919e4f1c2935d105ee

        SHA512

        4bda3d2c296e34fd7803c1e2ead4b8ac7d2ba075e868b95ea9f0f6d91f71f4427cc6de3ec1e3f16b9833f5fc6a6bcc49b04c3513a3d830f22f9354257bdbd0d8

        Download Submit

      • C:\Windows\system32\AppVClient.exe
        Filesize

        1.3MB

        MD5

        5d2fea24125341a92211950dd3b0dcf8

        SHA1

        1936e3c6616f80609bfabea593c102085d8f5ae3

        SHA256

        63e0a0c6dc7b9cb09b4df0785c7622969edf0d0c911cf09c03af967017b9e5da

        SHA512

        e63ea7c9461ceace7ea126fdd516ecf4aa77519d17020e75905ba10da6baa8049d9f36b87afb81e06bd55fb911cf872da5fb502abae7498ee5ff2b831d71cf2f

        Download Submit

      • memory/1304-71-0x0000000140000000-0x0000000140245000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1304-212-0x0000000140000000-0x0000000140245000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1304-69-0x0000000000990000-0x00000000009F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1304-63-0x0000000000990000-0x00000000009F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1496-227-0x0000000140000000-0x0000000140181000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1496-80-0x00000000007B0000-0x0000000000810000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1496-87-0x00000000007B0000-0x0000000000810000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1496-82-0x0000000140000000-0x0000000140181000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2672-47-0x0000000000530000-0x0000000000590000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2672-49-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2672-44-0x0000000000530000-0x0000000000590000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2672-38-0x0000000000530000-0x0000000000590000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2672-37-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3340-51-0x0000000000C50000-0x0000000000CB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3340-57-0x0000000000C50000-0x0000000000CB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3340-59-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/3340-210-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4108-7-0x00000000006E0000-0x0000000000747000-memory.dmp

        Filesize

        412KB

        Download

      • memory/4108-62-0x0000000010000000-0x0000000010151000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4108-0-0x0000000010000000-0x0000000010151000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4108-75-0x0000000010000000-0x0000000010151000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4108-6-0x00000000006E0000-0x0000000000747000-memory.dmp

        Filesize

        412KB

        Download

      • memory/4108-1-0x00000000006E0000-0x0000000000747000-memory.dmp

        Filesize

        412KB

        Download

      • memory/4804-154-0x0000000140000000-0x000000014015B000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4804-27-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4804-33-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4804-26-0x0000000140000000-0x000000014015B000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4828-12-0x0000000140000000-0x000000014015C000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4828-21-0x0000000000720000-0x0000000000780000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4828-107-0x0000000140000000-0x000000014015C000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4828-13-0x0000000000720000-0x0000000000780000-memory.dmp

        Filesize

        384KB

        Download