Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
23-05-2024 00:55
General
-
Target
66ad3cf29b5044dc6ac5f5475feb20f0_NeikiAnalytics.exe
-
Size
90KB
-
MD5
66ad3cf29b5044dc6ac5f5475feb20f0
-
SHA1
a4e81dc5f7bc462e65bd76e5b1543f3f6aad621e
-
SHA256
8b75a581b815769866431bb152d11796aa8ba6d8dc22a50ab37c1cd7434c4e2f
-
SHA512
f1976026d5bd20b16a0bd04c40a3abb5bb60de266d4db35247c1cd5ae7d0acd0848a86eeb3df4348ed86a9e4baf3e31869344f60c3dbf31507f98993d11d80ed
-
SSDEEP
768:5vw981UMhKQLrop4/wQ4pNrfrunMxVFA3bA:lEG00opl3zunMxVS3c
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\66ad3cf29b5044dc6ac5f5475feb20f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\66ad3cf29b5044dc6ac5f5475feb20f0_NeikiAnalytics.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{282ADE65-B7B1-4477-99CE-63856F222D97}.exeC:\Windows\{282ADE65-B7B1-4477-99CE-63856F222D97}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1D00CBD2-B141-417d-843E-114524528390}.exeC:\Windows\{1D00CBD2-B141-417d-843E-114524528390}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{56689EE8-3BF3-4c66-B26A-E4B6AFEC9F29}.exeC:\Windows\{56689EE8-3BF3-4c66-B26A-E4B6AFEC9F29}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{738F0520-AC7A-4bf1-B038-19F9F9A6F70F}.exeC:\Windows\{738F0520-AC7A-4bf1-B038-19F9F9A6F70F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7935A812-D910-4ca4-9A07-DBDCC53D1F31}.exeC:\Windows\{7935A812-D910-4ca4-9A07-DBDCC53D1F31}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5829A80A-D915-4e99-A1E7-29EAF5936FA3}.exeC:\Windows\{5829A80A-D915-4e99-A1E7-29EAF5936FA3}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2D1BDC9C-B4F2-4f83-BF4F-E4D0CE6E3446}.exeC:\Windows\{2D1BDC9C-B4F2-4f83-BF4F-E4D0CE6E3446}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BE4458E0-93AF-4280-B161-7BCFF9B732E3}.exeC:\Windows\{BE4458E0-93AF-4280-B161-7BCFF9B732E3}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7582B991-76D1-48c1-8585-693041D3656C}.exeC:\Windows\{7582B991-76D1-48c1-8585-693041D3656C}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FF35C8A7-C415-4ff5-B429-3A4B98399AFF}.exeC:\Windows\{FF35C8A7-C415-4ff5-B429-3A4B98399AFF}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BF5A4FB0-F50D-4c6d-9BEB-1BBEACAA50A6}.exeC:\Windows\{BF5A4FB0-F50D-4c6d-9BEB-1BBEACAA50A6}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6A6939C1-5424-4407-9F50-F279BAA64D0D}.exeC:\Windows\{6A6939C1-5424-4407-9F50-F279BAA64D0D}.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BF5A4~1.EXE > nul13⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FF35C~1.EXE > nul12⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7582B~1.EXE > nul11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BE445~1.EXE > nul10⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D1BD~1.EXE > nul9⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5829A~1.EXE > nul8⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7935A~1.EXE > nul7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{738F0~1.EXE > nul6⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{56689~1.EXE > nul5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1D00C~1.EXE > nul4⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{282AD~1.EXE > nul3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\66AD3C~1.EXE > nul2⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
90KB
MD56ef3bc391106f83d91f194f89d5bbc48
SHA1ebf4dbc6a00dbdff3c2c1ebde0ea4d918bf1ae91
SHA256bfcb37c9e650b7116296f9563b0c96273156e0c0e5ed6770e9be1605e6b591e8
SHA512b79d49d9ba8cebb3d0db4e1a78048891ed9e1d53abaad0d808e71c76c9b19e9d0bad43ba9d5c414e90c55f843902a7e5d300ae6ccd6675b100d2d77c9dcebcbd
-
Filesize
90KB
MD5478d940e07068d0063f5d063263fbb5d
SHA19add7caa9b2d75cb0275c2cce743cd243769ebad
SHA25640af2e6debd1232bf08f82a7eaed4ee31070dba09b28bdbe7e0130637586c518
SHA51287d62e0230b3103fd85bb94f7b7094f2e47727fe90763b63ea1e79a82f5a3897f00b1422b1b38e8c07b6602c05df557c631df8435112f384a0c800e2583b8895
-
Filesize
90KB
MD594e5257df93597df5cb65add49eff6b4
SHA1de28f5d8458259144d706452bfc5f013cec612bf
SHA256fcd458118e662ca3f17db3eeeb5cb2d63348de981d5fd178912211bc14ebb336
SHA5126bcc654ff1251da1456ae43ed2e3e24877c8a3589e985557bb194dc01ff9427f56b4e4f02817bc0305c5b98b0c90bdceb2ebe55c28a3477faf70fd672709e702
-
Filesize
90KB
MD5e461ca3857d632f5025b9feddcc5b55a
SHA1feab1a9afa984d782d5f9fa03cd9027678be0d65
SHA2563cfd61ae60f94a458c34a92a8ee7ac0efe97b76004e7c03681d10504643bb1e1
SHA512532e5558fb203dd8f9a27db2a81c0383630499f976d7f533af7dd1ae88d87fb1c8f16ef71210049cbef10b001ac2248df23cf9844ccbd3619321ac59e332d699
-
Filesize
90KB
MD5d326cdb18120df16f11d0e01068f7224
SHA14452941cc33d5f2bdb8d4905dbfb1ec2df95c2e6
SHA2564a5af93d319818e2f6113d8a242788666586156f66c0fa548f93e111a1fad006
SHA512f75e82aa2aeef2098c689812e545939527f7ce2e1e1a8a5eaf48bd629f6b2cfa93c614c9d8ae84455d0456a99c21060b7a040a38a1a8c90e459fee98401011fb
-
Filesize
90KB
MD5ce12b1ed04496c2715eb1285433d7b46
SHA1df2fc04d17258d56b6210215f5dc3b52335aa40d
SHA256834806e492c69127a6c591131d63e5e3f248244782ba59d6991bef12e54f310d
SHA512c4563f1c9701fe63047c208e5cdbd08bcaa02816f2f3e489889ee5768d192a744acefc2a491cc6bbf73f589d25f04e00b8d5237599f95b19f0f79932090d9b8a
-
Filesize
90KB
MD53cec65e3973237b25ed346b34b62d81a
SHA113691d1acaf80808ca0c642ef3ac4ccb7b314a09
SHA2567af2c8be242972d62fb06e0255367f1179198b9d699b75ea94f0729e061f7467
SHA51200c243b7f7c450b839a99f51e7cf54f61b73ee9f9a03aaf1c9cf8fa9aab8145230050b4ee60d7ea9a1a716742941d4bbd345741d771b07650622d15285e63858
-
Filesize
90KB
MD529776fccfed9c0f20a26e72bb0ccbc26
SHA11870a4bff56d107bcd1e25161d4269c7c9025f3d
SHA2564a8617df77de0e2755ebfce879cf1f50b7985ffd1514de5e317726847c11092d
SHA5126ded2d831368122b0b61f9aac5f280d37960d2e15b63297df7347b0fb6a172d84a677281410703474e34486d74bcfc791e6fec99725650ccab6409e88729453a
-
Filesize
90KB
MD5174f421b77f0e543500bf56137d094fb
SHA102fc704c890c867b82a51990e1bff8c73034542f
SHA256d25f1ded08c8def409bd741a6959fc04b136d4008e7584034b444bac72f3d298
SHA512c34234ee33b5a736e97d267c62a8ab86e52720d3b73d35f02492525988e3d77b920ace2c8675bdbd565d08ce0780d5406217ffbf55525a2c3cad68dc67f499cc
-
Filesize
90KB
MD5d2a4a6da0fa1a48ac32a5a6987222591
SHA11e58e0c46d77c295d72685b9b113559edc4c580b
SHA256b666143c7ec7599e95f5e5b633ea994d2cfc84eb3d1001ccd7b3872c183866a3
SHA512f94c47059aa206aa0581722d64c1b05205957d9473ef001b52b66d7303e8f0c3482215f74492d03ffa87e5ff520807c1945a74845b0ca3df3799abe3d392c22f
-
Filesize
90KB
MD5ed4bb8b763cdec5563f09993d5ab9c77
SHA1f1b2d36a5e138e5ba7635c9a67ae81893110bbf5
SHA256fdff24d1b390a31d8ba01bf4843ea2b3a1d558a5e82fd71da6ba689af0c3d6cc
SHA512584f3f34d0a0430d3f6f249068433f9b5959fa4bff9577f276a2f6753bbb91657cf8ee4f1f816e73f2f54268021d746bf8651ec745e5f6c6dd79ecff629d6201
-
Filesize
90KB
MD55ad81a1036861fda7af9b37b9442dc51
SHA10ae73bf9cc5ab97c7a3c11405cae2ba2a69a41df
SHA2566f6df879e2fa72aa231943ece49ac005c6d2233c32c63e74b38ac13f329a1a25
SHA512ac040ab285919b0446b71608b219a4f98728928b4646f5ef876f689f1ec8364fef6f6c29a38f1c00990f6a9eb4808308e1a05f7a99f2c019304b2d793d231aa6
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB