07c886327b0c7105ce251edaeb9117f8e8c470ee3f688ee05f4af6909a5ecb3b

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 20:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
Size

70KB
MD5

2cf9ab7713c55080eae952f3331429c0
SHA1

c7cd0da1aaee6b5830633eb64a59c09eccf3d61e
SHA256

07c886327b0c7105ce251edaeb9117f8e8c470ee3f688ee05f4af6909a5ecb3b
SHA512

583e0f01d7e18200faaab94cd437eecd3fc7ee9d21fc19ca695d34c164e5a19d1b48e833c0d1d45ec22f92319bb197e19eb47e335029c555fe0cd7c01d8ed47d
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSRjqZ:5JjcF8KfCOcjk+guPVjSRS

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4000-0-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/files/0x0007000000023260-6.dat	upx
behavioral2/memory/4000-34-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\Windows 2000.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot babe showing her pussy and wanting a stiff cock.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot japanese office sex.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\illgal incest preteen porn cum.mpg.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\cock forced in some slut mouth.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\sexy little blonde teasing.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\two large black bones in a small white box.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\honie playing in her cunt with newly bought toy.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\girls with cock in hand and mouths fill with cum .mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\toying blonde with fucking machine.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot teeny sucking cock.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Winzip.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Preteen Rape Sex Illegal - Jenny - 13 Years old.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\two sexy blondes share a cock.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\divx pro.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\busty asian babe with a hairy box.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\nude girl on vip beach.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\trailor tramp pissing for you.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\holes fisting to the breaking point.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\babe doing boyfriend and his buddy.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\patricia arquette showing her tits.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\sluty cock sucking chick.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\win2k serial.exe	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot girls who like cock but eat lots of pussy.mpg.pif	2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2cf9ab7713c55080eae952f3331429c0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe

Filesize
96KB

MD5
2d654cc06332b5a2283d74c68ab72b71

SHA1
296b74253f905b05c6767238b98127e2d233006d

SHA256
0ec93661b718753f06b1e7762b16171dc36ffd555eebc201204abe30b67cce53

SHA512
e201a97f5f365a74e55fb9115aea1d539a92786fe9ba06e939fa54eed0e434ebc2e419615a5544c36ba224c8b40184c4eb2315e5b103585e27d8814b599e0e14

Download Submit
memory/4000-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4000-34-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads