Analysis
-
max time kernel
96s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
22-05-2024 23:12
General
-
Target
546d66127a805299a354d6c4d2e45930_NeikiAnalytics.exe
-
Size
76KB
-
MD5
546d66127a805299a354d6c4d2e45930
-
SHA1
983e6850f9d74543d8d882100a952df48cc7d15e
-
SHA256
72eefdeeffca0d1531f999c912cb17a651ccb0a4a93120e97836d009a105262c
-
SHA512
0c674d99b44b01ff7c65c500998362d6a0cee0f172af9eb0d187708a263db1e5008456642085005c90773012160c1813239706400a5fcbaea90de9c7fea46ed4
-
SSDEEP
768:c0IrC2V/6WA+xOF4/i/BEYkp7P6lweQDhDmpU5GFrrEzWsdSE0d8pUHIkI0IjI:cRblLxO+2G40OIkajI
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\546d66127a805299a354d6c4d2e45930_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\546d66127a805299a354d6c4d2e45930_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\sugeb.exe"C:\Users\Admin\sugeb.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76KB
MD593353fa5ce8650405652990e49353d67
SHA18e2d55d3b625573bb6c76f5116134cd6fa4e255c
SHA256c8544f1f95abc37e6a344349191e60220308bb40110f539e14199c2c123a9f0b
SHA5121839357323a57c627a5e61b4af8a2800e7174d9ed98c0bd61c7656b757220138e6aefd191f5a3df5c02fc9447501eadbc93ff479b70ff6b1752e14bb9b2647fe