Overview

overview

7

Static

static

3

16c07fd307...cs.exe

windows7-x64

7

16c07fd307...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16c07fd307b37d086158199966bdc2b0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    16c07fd307b37d086158199966bdc2b0

  • SHA1

    1e479b4353a001bd3eab408f3d09574caedacefe

  • SHA256

    e2c5910a4a3ff579667e48cd8f7ffa9ab7f57101a1ab4c121611de32ca070762

  • SHA512

    69bca23edbc49de843db93d982717f2552f56b76d8f6fd950b50061a77276a014673b80cfb597c30c430ce87fe379e43e3765770e4b4e942a062d5ad32420622

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpR4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm25n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16c07fd307b37d086158199966bdc2b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\16c07fd307b37d086158199966bdc2b0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Files9G\aoptiec.exe
      C:\Files9G\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2940

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Files9G\aoptiec.exe
    Filesize

    4.1MB

    MD5

    54c8d6c59a8edb5c0f19ba95cd5f26b7

    SHA1

    9ad99af25b66dea35cb6d2aba7aa1fb5e7f269f0

    SHA256

    4af79b6c938a20c3ffcd39647a80f1f2f6c5f57562ca50f20b25621ac9cc3216

    SHA512

    95ecfddbac0d36cef67214111684ae9d16475ce7110f2dc55a4df9a9fa5eff9e1d73688c43f730ff4fff75c1c38117f15ead91a455770752898f5d15f067512e

    Download Submit
  • C:\Mint4J\optiaec.exe
    Filesize

    1.2MB

    MD5

    195d1dd253c7f0d7414446027e359798

    SHA1

    ad57825d0f20de9bdf434c4dfbbe13983f732093

    SHA256

    ff91c3387ce1650cdef72c73378efe412c2ae0d5d8c33e7c0a189c4afaa3866d

    SHA512

    6d3cfe3e78cd6f74132293c3299497dcff508d16014bc0f59324bc6979267170237e9a43e41035719e6fc909fcd8890421fe2cfdfd4325ad75ca1b3d30211f83

    Download Submit
  • C:\Mint4J\optiaec.exe
    Filesize

    4.1MB

    MD5

    0ed9bd71b98d25571792cf4bbc645cef

    SHA1

    ed21a31622a6a9c019e5c39e3fd0de16460ae997

    SHA256

    df333971b025e2f87b6c7f74fc6cd69f8d7b1961d9b5ef11f6ef6676be71e7e3

    SHA512

    00df9116f4a5606254365bcdb16ac67bc9337869562cbaf72923b68a4e05588be649562bfdf915dfca69c35b4e5870817d9acd2c5dacbf6b5d161befe97ffc70

    Download Submit
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    201B

    MD5

    0a5b0ffbd4e28ea8987361db3434bed6

    SHA1

    b876797fb41736c56c68b498a5828fc8a806a57e

    SHA256

    05c5007e119daa468bd0c6504ec85715d48a6376a2bc285cec40739f63fdac94

    SHA512

    426d855b4787f40da6c60f5c98c145757670b114966176c179cf8bea983adae1225552cbdf826b62b56e828d90a9668719daebd29fdbe798e6bf017ea5516d06

    Download Submit