5ddb820e9aad6cd504249aef19a8eacdc213a8c4bb7f973655df7a2bc15a3019

General

Target

536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
Size

97KB
MD5

536ca6dad62e0cabba47b1d3269817a0
SHA1

27fb50e481d67ff1f586b85010fb738876ac8759
SHA256

5ddb820e9aad6cd504249aef19a8eacdc213a8c4bb7f973655df7a2bc15a3019
SHA512

e95cc9af3833d08954e0c77f42e4005b1e2718b6aea2e46d60cf22fadd5ab663991592fad8326e5d5eaab798b3d3072ee0ea068b7a192dccf58fc0d7c632e02d
SSDEEP

3072:5JjcF8KfCOcjk+guPVjSEhPlHb9VzPSM6pAX:5JonkkxudtvPSrAX

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2876-0-0x0000000000400000-0x0000000000467000-memory.dmp	upx
C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	upx
behavioral1/memory/2876-34-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe

Drops file in System32 directory 33 IoCs

Processes:

536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\honies letting dudes flush mouths full of hot cum.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Cable Modem Uncapper.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\amateur orgy at a swinger party.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\two teen lesbians with dildo having fun.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\head rooster pimping hot little tender ass chickens.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\nice girl showing her tits for extra money.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\older blonde showing she has the goods.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Warcraft 3 battle.net serial generator.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\huge titty blonde taking in a full 12 inch cock.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\some fine amateur pussy shots from behind.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\krystal steal getting her bald clam filled.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\amateur spreading more fine ass than stud can handle.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\blonde on couch gettin tight anal fucking.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jamison Dildo Humping.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\bad gal being tied and bound.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hard cock cumming in her mouth.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\16 year old on beach.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Preteen Rape Sex Illegal - Jenny - 13 Years old.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\amateur swinger babe sucking on a couple of cocks.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe

Filesize
89KB

MD5
1ead54efccbce25665f5e1f338996742

SHA1
02e535e3df209472a4584a216a4e839e0b6291dc

SHA256
11df4924ae511613b6a9d3d60ceeedc120e02a081d5525fea83c80ba5979420a

SHA512
129be498b8ce070b92ba919ec2e80294e94f135d95fcd48fdf15540eec7aa388da7b4ab4af7b911ce54774665aadadcb94d590403bd9b8758196c4b0bebc89e5

Download Submit
memory/2876-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2876-34-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads