Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
20-05-2024 03:36
Behavioral task
behavioral1
Sample
a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe
Resource
win7-20240220-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe
-
Size
4.6MB
-
MD5
a20346873970849fe2f2a92f27a49d10
-
SHA1
cfe413d0c4c7f5bb2d28a055f8763eb9b1033637
-
SHA256
72d808ae03c9ef71daaf4e8c86d9d39127f211c1760e18848511d96fbc137213
-
SHA512
05137e5b14e158fc68f06ad1b708f12c44c1117f60be13127b7271bd4ef7e27520f365c918dbc44c5d51b6ea88f4686d459068f0579c10879e37f28150ba2917
-
SSDEEP
49152:l3Mlyy9gmGZyC6c8KPFQ3PgbRRdXVWCsVb6KUpZ+hDg1F2d63muLrYAGV5G0ROy:+lyhmGZyC6cDPFttXV5SbWf+YFCmwR
Score
6/10
Malware Config
Signatures
-
Drops desktop.ini file(s) 1 IoCs
Processes:
a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exedescription ioc process File opened for modification C:\Users\Admin\Desktop\EYϵÁи¨Öú\desktop.ini a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exedescription pid process Token: SeDebugPrivilege 2184 a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exepid process 2184 a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exepid process 2184 a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe 2184 a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe 2184 a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe 2184 a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a20346873970849fe2f2a92f27a49d10_NeikiAnalytics.exe"1⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2184