Analysis

  • max time kernel
    152s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 20:32

General

  • Target
    34d287f31b87286d6ce3121b80a5cef0_NeikiAnalytics.exe
  • Size
    2.7MB
  • MD5
    34d287f31b87286d6ce3121b80a5cef0
  • SHA1
    03a64af9f39c7989a8fd800ad0229688ea531e85
  • SHA256
    844167d57b507f3144e594dec81f124320792c381a2c3d805964bc37af24b3cf
  • SHA512
    ed710668cad07edbed3c706a256b2fed40eac69b3ec990b68bdbbbe67d109cf1851d6f8fd7f97f83ad0791814ccb7c68c9defc6d3a1372e56db73cb4d9e76298
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBz9w4Sx:+R0pI/IQlUoMPdmpSpT4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34d287f31b87286d6ce3121b80a5cef0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\34d287f31b87286d6ce3121b80a5cef0_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Files2I\xdobsys.exe
      C:\Files2I\xdobsys.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:780
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
    PID:440

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Files2I\xdobsys.exe
    Filesize
    2.7MB
    MD5
    43303cbad6a7614aeb38f1979e2f2540
    SHA1
    5bc01bcdedd15a211cccbebde8522c1be7794d3e
    SHA256
    c7874325029c8d727478f50774b26581ed6c088cda09f2d6a6ca1ba36c175c4c
    SHA512
    aaf34cb3a7ca085f528cb5f7c54f33362b5e5b5c07c57648b6bf7c7c5817311d221d48fcd9dbf0ade7306714cc360d3f22965eb57a02b0468dc60172e2903db1
  • C:\GalaxZU\boddevec.exe
    Filesize
    500KB
    MD5
    6e932b1e7327e7c961770d2dbad41d9c
    SHA1
    0d3b70a4239851c0ff6c541a1a8b323b4132c094
    SHA256
    8e3a62a45ec2226fb841d1e602c989482cec00900fb014879448b6b8403bdf1f
    SHA512
    4bf78e82c37a00ab7afa0ca38ee6e39a20ed281b58a90694ca7d9f5ac591d94a903ad42a90837dad4b45d049e1fcc6a6499e25aa1cbea64216129554bdce5ef3
  • C:\GalaxZU\boddevec.exe
    Filesize
    2.7MB
    MD5
    5aa2515e51a7a3a4e80da8d013639c18
    SHA1
    33c8135720a952412e0da6069a4083f6bb34000c
    SHA256
    8f556c43db6d1c41d6967bd3466c8ec6ae4dcb03d878b94548ef357d46a7fe06
    SHA512
    4a091b989953f8a93801cbf23159fbacab552200c9c2795edee19fcf7deb137278540330e2f46cb985b4d46609394feeabb9797be600c01a2ddb871ad169bee7
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    203B
    MD5
    07d27bdb613056956a117d7edf768b67
    SHA1
    be71ceadf2a5f150509fcc792bf7671dd0a4a0dd
    SHA256
    9819d12c93239865a53300df3642bb3d691aa25dd31535bc9b71b6b393c029ea
    SHA512
    d8824212eeaf9a9404e8d7d0c6cc646f6ac07046a1c592e9ced2a64fa6a0008715634c96cf5a76f875cb4f793ad310c461ebb44c52f8c194bce7a1a24aaddc25