cbe1872011022c61f43e49cd6968a42dd3334cf91f90607c01b4686957e059a1

Analysis

max time kernel
149s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
Size

2.7MB
MD5

1f3513dfc2078c75f090398e44a742e0
SHA1

fcc57ae8b769a46c5888a5c359708a1b63f0f747
SHA256

cbe1872011022c61f43e49cd6968a42dd3334cf91f90607c01b4686957e059a1
SHA512

29918425dc7d5529ec2cba85d38e2e84c9d6001db4776eb19f6d103011b425f5b694c6ec3c5c0d304da5bf8e885d16115fdbc27d201a98585fb0c25597ce687e
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBx9w4Sx:+R0pI/IQlUoMPdmpSpl4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2932	xoptisys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvAY\\xoptisys.exe"	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBKC\\bodaloc.exe"	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2932	xoptisys.exe
2932	xoptisys.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2932	2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe	91
PID 2136 wrote to memory of 2932	2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe	91
PID 2136 wrote to memory of 2932	2136	1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe	91

C:\Users\Admin\AppData\Local\Temp\1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1f3513dfc2078c75f090398e44a742e0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2136
- C:\SysDrvAY\xoptisys.exe
  C:\SysDrvAY\xoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\KaVBKC\bodaloc.exe

Filesize
2.7MB

MD5
69b481f9f90847d73551813dfca02243

SHA1
7e5edc293d3c4e5d3c2104cea34089c9147e12b6

SHA256
e4e94e50c8c4278c186e69316843d8b420652da46f4c2603dca35afece1719d1

SHA512
5d819612b9ec9ef51131e8e222a35b368f9b2250feb8a5447ea15f9428fb596cde9a06349d31a170637166059d3a1960a6a767c603c53faa799445b939866044

Download Submit
C:\SysDrvAY\xoptisys.exe

Filesize
2.7MB

MD5
3ca414af968363fbcd8126aea0f2ec6b

SHA1
16129c551a976e7519a1d1a81587275fabb76968

SHA256
4cbae6c6066a977b3de0752fc6ab730f8ea084d8e8849d6f604b510d2ba7c751

SHA512
0897883dd96ccf65fcf2f5d9d9128b7a0cbed909f4699a1fc9370c3f641f6230ad2efb2480f26cab629b002334933d49e266829aea3ff23ac7143c3bfeeede5f

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
203B

MD5
1cfc8412b926cec219735f67bb067fe1

SHA1
848ed0928641c414bf31af7b74663e7c196aaefa

SHA256
81ca44cd62c57111991cb2c240a378473ddc49cd726e1ba91bac8b19dec15fae

SHA512
abbc210fd4656a4344f776d866f59b2e92167b2c54e8c3238a161c4244a5b8eaeb3b76850ebc9b3a00d1b42febd0eda6e5982b249c5b92c6bc502f2dab106d1a

Download Submit