5ddb820e9aad6cd504249aef19a8eacdc213a8c4bb7f973655df7a2bc15a3019

General

Target

536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
Size

97KB
MD5

536ca6dad62e0cabba47b1d3269817a0
SHA1

27fb50e481d67ff1f586b85010fb738876ac8759
SHA256

5ddb820e9aad6cd504249aef19a8eacdc213a8c4bb7f973655df7a2bc15a3019
SHA512

e95cc9af3833d08954e0c77f42e4005b1e2718b6aea2e46d60cf22fadd5ab663991592fad8326e5d5eaab798b3d3072ee0ea068b7a192dccf58fc0d7c632e02d
SSDEEP

3072:5JjcF8KfCOcjk+guPVjSEhPlHb9VzPSM6pAX:5JonkkxudtvPSrAX

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4868-0-0x0000000000400000-0x0000000000467000-memory.dmp	upx
C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe	upx
behavioral2/memory/4868-33-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe

Drops file in System32 directory 31 IoCs

Processes:

536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hard cock cumming in her mouth.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\jessica shows us her fat fisting.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\some naughty toons fantasy.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot busty amateur babe stripping and spreading.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot looking horny ebony teens.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\cock forced in some slut mouth.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\yahoo hacker.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\lucky lesbians licking outdoors.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Cable Modem Uncapper.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\amateur babe showing pink.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\couple beach vacation fucking.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\gay guy with a screwing machine.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\little dicks on gay male tricks.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\kitty-cat with horny beaver that needs licking.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot tomoli lathering up sexy body for boyfriend's tongue.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot hungry sluts sucking cum for a line of coke.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\uptown girl with great ass that should be illegal.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\trailor tramp pissing for you.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\shaggy pussy girl posing.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\hot bigger babe with huge hooters.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\Flash Golf.exe	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde chick riding cock.mpg.pif	536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\536ca6dad62e0cabba47b1d3269817a0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe

Filesize
87KB

MD5
b8f1dd8dd928c60c5650ce0bc1b869ce

SHA1
b287615f23d86181bb5fb830eacd81f29d320ead

SHA256
7fdd6a08900c727aa77bb2a5a83a34539e2357a2d248ae82feb7f735c4104feb

SHA512
f488e5d09efdbfaba689c23658477530222395b9e5f542e81347ce9412d0912de58274868c3a9afe295bda0be74d341303fb740496a9e9205af2e7c11eddc8a4

Download Submit
memory/4868-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4868-33-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads