Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
22-05-2024 21:56
General
-
Target
45d522fdff0ea0d34d46517cca7bc790_NeikiAnalytics.exe
-
Size
200KB
-
MD5
45d522fdff0ea0d34d46517cca7bc790
-
SHA1
532d9f00b10659e599ff4f30a4b2e0a9003de134
-
SHA256
8c20f4ee5737efba868e041be6a194c4c4f52d4ecf88ea3a521b3074a7a1c14f
-
SHA512
3b36eed13549a686efab62756391498ead6826fa668f65c701a3a3fddd94ce00700748fc8984ea0446c96c796796b22172c9995d9885f12c7008ddaf85dfde69
-
SSDEEP
3072:wy0QyBG5Imeb/wOoYdQacLnbO3JKpRiDND5erX7skJLBiyLkkLhfVu/N8e:YIIZ/wnYdSnoKj8D5NkJLkIAV8e
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 5 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies Internet Explorer settings 1 TTPs 52 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 29 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45d522fdff0ea0d34d46517cca7bc790_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\45d522fdff0ea0d34d46517cca7bc790_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\45d522fdff0ea0d34d46517cca7bc790_NeikiAnalyticsmgr.exeC:\Users\Admin\AppData\Local\Temp\45d522fdff0ea0d34d46517cca7bc790_NeikiAnalyticsmgr.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59208815c189f90e529d83509bd08d140
SHA1da64f6de747180ecd4737554b65b6523665386a1
SHA256c60ef6573c47a0c121be6427d234cf9ac8abdf0d11287c9aa3bbe19d7473c703
SHA5126f17edc6176b614a2e5229fee5f011fbc8670a92a21a1dbb08c9cced74d6b6a8f7e6c16aca4a2a71244ccf951fdb570b5d4c45c2aa9cc48257b0f8af2dc3d638
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59c2e1642b2bcf192296c2f78545cd794
SHA16a1fa787655e6f1a95c13c16d401ebc94a8babe9
SHA256ce2459aae8b9555cc27da5a205a106266ce1eafe40c201ec0d718066bff60cbe
SHA5122062fe3840e605f025b417e6bed2e2d806592e6f0bddc69aa59246957a991662d193cc9d1255952f8ca79086999eec731fa4c91f383ef8786b80380f90580606
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c561149c6f99cd70e9c6e0643388a0d6
SHA18c47f3707071e8882bc338408fc0c1c00d443268
SHA256d4d24d7a24acc69ff1931003bdda3aecd7198eb5b30afc78b71abf5c097d8d91
SHA5125e06f7dd7d190c36aa3a20590da08b8dcdf738300b3a437a8b311bf11103c425bbaf5235800ee53691b2c4501a4705b2805a9335457ea68b8efbf81536e52ae3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5118a3cad9cd6699444b2e6ac9d7d54d4
SHA1cafb69c223bbfe601b3ae1a30ee78c60240068af
SHA256f48fc198e839651366820dc6b86aa204de153913c4d0003037bb05f5283fd102
SHA51270bca2420609db662e26ddf2b6612639fdfd32d0e70fe77ae5894bc0019223323ce57c620f4bdeb45f6d9744adc9f2cce6a6bd537a7387390475e2041e4b4d2e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD555dbc0196342034f2dce1ab1b3503388
SHA10098fe8dc7b0bb241274e2ca8ce8db2fc6b62fae
SHA2567c4448558f046812131241492a1e0dfa9a2c5bffaa57f5b1b780f9cbd3364daf
SHA5126f7986bc6f87c9dd960dcfa0873df9bb09b2abacaab64fd43f1b1ca5a9bbb84e35c9ad75243d9876974d374e1dcc4fa509342ad6282f284348f41e195339920f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD578d4f4cf9cc788307537768e95c93a1e
SHA1b4d48a869ea94ec77fa2a42c6ab45a318678167c
SHA256445a99b62c9523f9ee057f7775c7d1121fbbee18abc779ac1b0a7b35fa93c9aa
SHA5128f14b1523cd2ba361f0747dd2e1fadc053f8a680dca21eaca610b74beb3a0d18f83ee0628c275547c0ec8171259533743c114d26cc76516b03797bea24244415
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59a94ab3c900b94d9f1c80500863046f7
SHA11212dea256575eb3cecd132c67438a040f562d33
SHA2566a0a05d40c2212fb5547488e61dc963760884e9549f4897a3adfc0eb4038a552
SHA512bb231f5ffcdfe42f86d39064c2b5600f282f0cb2ff1b9c1eca21ea0dc7f36427216bc7ec0a0b1e17ad53ca195da3baa164d15d1a2b4934ae2e214c15b2b6ac74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD506c5362f5243fcd22cedece0413c8668
SHA10a73bdb1f15f8f5f4b531549631fb7d2841e3091
SHA256b87cb08cd394dbb2941c43c17d4b4c159be97c6de5b7b8fbbbf73de4c09573f7
SHA512b3fc729bcbdaf3d6dc417442c4722a0c2ff1fce5283ecbb3cbf158924663bf8084c72317afcb09edb0c32177d4fab5f604bf4f2b9e5ca47f7ba54b31878764d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58cf1747213959fdda7484d77076cbf5f
SHA176e6946ead2a2bf24cb7b91ec57fd360f3614fca
SHA256bd4a12cd88b955b6c107b2075792cbbfd6d2d4cc86ddb4f4356cb3d7efb2f4ee
SHA5128f0a926aae3b58b3689e89e74e10dcf56e44f1092f9a46c9543d7db8f060cb15853b29d6ed6142d3e00e4c5402cc1d958e75f72e9470b5a048531820db0acb72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5958b45d85a1353850770b68b1b332f52
SHA1d2789607e62ffa34c9eb6395190ef149d4f72bc1
SHA256f91ee8c037a863a747fc36ea88e2585113764b333f5761656b989c919795899c
SHA512f2612cf570fa1a50fe83d02490990bad03a79f92acc6260393337b45c1b95f38c5ebd25669d554b08e60b0df7ea7094ab30f745e812901dec546ae21fa656079
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f19136d03c16bc1613ce01c0dafef27d
SHA13273ec8fde97b36a4e04514fb3c40dcc9649df94
SHA256b35f11630c3bd4970d8a5503858f464cc4c4f8ceacee3433941075f35468a054
SHA512ab2cdcfd534ca2fe01d7fd6fc54995099d716d663c135d626b981ff2fcf5039bf4687ab65ae468f655cd93f62611dfab1716d01f6b805c3f3dfea41064783b7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cd38adb7589e7c9eafd676936676c93e
SHA10c6d59715d8af2a52e20dc6e0a5dc956a6cfdacb
SHA25685de8ebbfbb32bae26e116393ef0f13ef55b4a52231297f40d69b8d2d2dc9d82
SHA512005767d8c0571d240d4dac03a18e41ff38089bf8f00b600cb0062cd7fe9ba0dfc08b007cf36d5c2170b66d248a9f42bf4757bf3a2cae1a694829ebb927c8dcf7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD51aa3f4b6d6c3413cc128bb708335d88d
SHA1417a3ac7069274b167abd52936435b9ede45d2f0
SHA256d0272fba6cd45ef5063f9ca685a38237937ae2878d0289d6a2f2b76ec3ee80e2
SHA5120a33c049ffa125c4070987a78dad56a759560a762b616328d157cc9f6cb3090199da778171a6998f39813e267a24cf800b3e50d45420b7be16720d6e63312b63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b6df70740f3f08a2dcbf5407b1d11e40
SHA1bfaee99901bb71e5cb3795267b9f163b110d7ff2
SHA2562c5dfddf5a2d80536251352da3e12d5e9c82270d2a9915a9d221b33ef0677707
SHA512c5e12f9b3253e9147c89d7e7d5b4b994435dc6fa64c6043354e0f5bf2b30848810428fd0e535f768fc3ca5724c1494d1f26805ff72006093097335fc6019499b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cb7f2582d3dc43d353bed2f795049d7a
SHA1ce879acedeb8f45d1cfeaee37fc7852f598d19db
SHA25665d9ef2995e51c2131450f72412874317c55c68824ed4080287cd612c3af2696
SHA51234b98cfcce71c31fff35da8262437017ab50e0d1c7d7de791ae4a6f7942ee972f3a302f9c92ea32d39bfa81a0e9e4c02fe12f6dcee07b97b202eede9d0f77645
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e8b0559e27e5948d6b6c25a7f2b7bf47
SHA1d5e01ee7870f24da3c82601d8c1f6311a9b482fa
SHA2568f148f91b76ef433e2e875e36956315205ff3386f8d56e49246900af1ffb3cd3
SHA512b09ae6a5c956fd573d2ff30d8b3eab71bb6d8e1aa68e9087c72090be6be4b2ec327a26e566e8a4a8e6e5009e36d393780acc591f58747f0aea93acd4b8546b1a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD560a1837fe200b4ce1f0a7b11ad238b45
SHA1e1bc82ff530acd68442c268c43a975051350fbb7
SHA2566338dc3b4da59b2a1ca37ccaf570b910aa6e6436aeaf4395ba2dc40f3485e57a
SHA5123fc1bd52d004c38c153f57d864d07b441912818df8c6ec1b0283f7d1088a3f3ee5c5b6f069eaa2e0d962a6c027732293972136e8258e8c2ea933ab69b29dddc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD51c1ac2af60e0560f3c41c2199ab25f06
SHA105abaa303600c2e7e1af012f791aa1966372bcbc
SHA2568db2c1d353dc3dc85ea9c9f39a102588b7cae824faab3006224db5b2547d6d0a
SHA51202878183369648e6b11cfd8cd503371649fccc42b1437879190979bf305f2430c17a7c4b61d303626662c1a4d13f8a25a0cea4c9b262284c4ecae17db47f2bb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5094233e294e828ed0fab5d9503cb6cf7
SHA1b09ffb96356746514d6a779652d6d0d83142d671
SHA25668ca43ac92c73cff52bbdd86cb9428c1d2580881afa53e95277c33bc594599a9
SHA512cdf5be6a39ff08c1adad727a5ece3fd6a6c4ceb8a26310867d0285a27cbfb31ce0db75289ec8d66543e455fc571de5918e6fb9448c6c94e19df29f0b4c677fd4
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C05F171-1886-11EF-AD38-76E827BE66E5}.datFilesize
5KB
MD501ec91c024a5a24b165cba39bf61eaeb
SHA1473e727e7bc1dfcfa6903f33aa730d355169fbbe
SHA2563cff4dffea5edcdc939c8b419f1c6cb90a83e724bd21d550ebac5197c12e898f
SHA51221f5a37c4fe76201b6d8a0c3e5a2fdf45bccb65454bf73dfec8f1f60412a43a3d439416f61d22ef4cbdce43d74d9deecc127cb1098564f9edfacdb75f3f1a60d
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C0852D1-1886-11EF-AD38-76E827BE66E5}.datFilesize
4KB
MD5b3ea3a945b79b951504c412bdb5f8714
SHA10365d6ba263c3780508a0de73ec499793e959f79
SHA25681e1128d5aa0656a78b77c553a05e9cf1afa69d8e5a7f77bc557340f279fb204
SHA5129e73be78dc60eb8375f048cd643df79dfbb43b79b4642c850883ab49f88cfa35f762bf1814bff76c5afd90a8d856e2b03d14672afe940ca3cd37e94e6d5a942c
-
C:\Users\Admin\AppData\Local\Temp\45d522fdff0ea0d34d46517cca7bc790_NeikiAnalyticsmgr.exeFilesize
99KB
MD5f3873258a4258a6761dc54d47463182f
SHA1fbbf8bca739ca4e9745e5224662b33b437a52461
SHA25663b02a3e8e7e049d1f29cd4cd79fe5c8905754da6c023df72aa5cca351d0d5c5
SHA512eec16bb41fd05d9acd5d2b17eb5218057c3cd97cd706e0782a64eb2c32f8a57f1206fe0268be7f37a9f1c3f7b8eb09767cf2724951eaee4be03c4d509d4b3dd4
-
C:\Users\Admin\AppData\Local\Temp\Cab1D15.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\Tar1D56.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
C:\Users\Admin\AppData\Local\Temp\dotNetFx.logFilesize
951B
MD5e907415484480472aae010a915765a9f
SHA1c12b924745af8e723929a22a4cfb260233edc8a4
SHA25618be7373c0e26b71824c0e28d5388f4bf6fb455dcc034eede753e7ba539b637d
SHA512274dd4b4b1462e169f4f89601bfc32cbf6c3109270d671ceed48a6380b4961b3e6f98059231e57f836b8a3c5f669ceec4fd02d44afdff1e673456f984eebcbb3
-
C:\Users\Admin\AppData\Local\Temp\dotNetFx.logFilesize
1KB
MD544ac430050a2eb3068e1230ffe9bcb23
SHA10a5063b338b39fa64ebbb476320c05d46cb3094b
SHA2562ff1319447e299f034e6f4f7c4ce9bdf9f7f18844cb57135410d15caf533a258
SHA5120ab3ebf7a60b6ea849d1491a8c1d2e1968300602afb6e620fd4a004202cd004ffe4fd0431b3427be57b7beb1075758f1c6c70090d0abf3af5e16871e43c1fc6d
-
memory/1732-5-0x0000000000170000-0x00000000001A4000-memory.dmpFilesize
208KB
-
memory/1732-3-0x0000000000170000-0x00000000001A4000-memory.dmpFilesize
208KB
-
memory/1732-0-0x0000000000400000-0x0000000000434000-memory.dmpFilesize
208KB
-
memory/1732-482-0x0000000000400000-0x0000000000434000-memory.dmpFilesize
208KB
-
memory/1732-11-0x0000000000370000-0x00000000003C4000-memory.dmpFilesize
336KB
-
memory/1732-10-0x0000000000370000-0x00000000003C4000-memory.dmpFilesize
336KB
-
memory/2096-47-0x0000000000320000-0x0000000000321000-memory.dmpFilesize
4KB
-
memory/2096-46-0x0000000000400000-0x0000000000454000-memory.dmpFilesize
336KB
-
memory/2096-45-0x00000000002E0000-0x00000000002E1000-memory.dmpFilesize
4KB
-
memory/2096-30-0x0000000000400000-0x0000000000454000-memory.dmpFilesize
336KB
-
memory/2096-48-0x0000000000330000-0x0000000000331000-memory.dmpFilesize
4KB
-
memory/2096-44-0x00000000002C0000-0x0000000000314000-memory.dmpFilesize
336KB
-
memory/2096-51-0x0000000000400000-0x0000000000454000-memory.dmpFilesize
336KB
-
memory/2096-43-0x00000000002C0000-0x0000000000314000-memory.dmpFilesize
336KB