Analysis
-
max time kernel
150s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
23-05-2024 01:31
General
-
Target
6deb18a8497c3ecaae65b11999507320_NeikiAnalytics.exe
-
Size
90KB
-
MD5
6deb18a8497c3ecaae65b11999507320
-
SHA1
16e474ba4d9a0777b95a750acd9f0080154f34dc
-
SHA256
a59bde49c765b57dcdb7ae428f4eee47f834c2220ad2d2b6e5f3c85dcb90b4fb
-
SHA512
b4e1ee66efbb4ac45e304f5110808b11bee74904d6e610d9db68049c9c64b1ff9677f72e6ba73d3610b776c4e436aed971d1deb7e96a23a484ba0f95e5f79e7a
-
SSDEEP
768:Qvw9816vhKQLrof4/wQRNrfrunMxVFA3b7glws:YEGh0ofl2unMxVS3Hgz
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 20 IoCs
-
Executes dropped EXE 9 IoCs
-
Drops file in Windows directory 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of WriteProcessMemory 54 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6deb18a8497c3ecaae65b11999507320_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6deb18a8497c3ecaae65b11999507320_NeikiAnalytics.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8C373862-E8D8-41cc-A398-6E3389479498}.exeC:\Windows\{8C373862-E8D8-41cc-A398-6E3389479498}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FBB23944-DB7C-4ecb-9C85-BE5914661F3F}.exeC:\Windows\{FBB23944-DB7C-4ecb-9C85-BE5914661F3F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8CB5F0C1-5843-493a-BEE5-86B47FB65B6F}.exeC:\Windows\{8CB5F0C1-5843-493a-BEE5-86B47FB65B6F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C9F49FAF-975A-44f3-9DD5-96B094519009}.exeC:\Windows\{C9F49FAF-975A-44f3-9DD5-96B094519009}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E6739505-CE68-4908-9FCC-3C5BEBDF086B}.exeC:\Windows\{E6739505-CE68-4908-9FCC-3C5BEBDF086B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
-
C:\Windows\{B64F911E-C64F-4589-BAC0-FBA1C98CDC40}.exeC:\Windows\{B64F911E-C64F-4589-BAC0-FBA1C98CDC40}.exe7⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8A456EC5-7A6E-4f6b-9B9A-1B6BF7F076FD}.exeC:\Windows\{8A456EC5-7A6E-4f6b-9B9A-1B6BF7F076FD}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3589E43E-8B20-4946-8FD7-1D646B871C66}.exeC:\Windows\{3589E43E-8B20-4946-8FD7-1D646B871C66}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2CE42E87-0543-4d5a-9986-64734CC49CAB}.exeC:\Windows\{2CE42E87-0543-4d5a-9986-64734CC49CAB}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D379A1E5-7522-4c4c-A31D-83BCF6BF74AA}.exeC:\Windows\{D379A1E5-7522-4c4c-A31D-83BCF6BF74AA}.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2CE42~1.EXE > nul11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3589E~1.EXE > nul10⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8A456~1.EXE > nul9⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B64F9~1.EXE > nul8⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6739~1.EXE > nul7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9F49~1.EXE > nul6⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8CB5F~1.EXE > nul5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FBB23~1.EXE > nul4⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8C373~1.EXE > nul3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\6DEB18~1.EXE > nul2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3376 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
90KB
MD59b65cd9bd3ce537631042eb1f0d3ca0e
SHA1083d20f9ccada316a52a0c6ac419ccff45fcf08b
SHA25681e1ead13b4b8e05982770d132c8a66a190f244be9c4848e7e11ea7dfa117508
SHA51271ebd4d64e2c18ecc8fe48614901e6f98837d054d7f738e06d455251926c87d5c0d20bd54a4524c5801c5d5a30ba75615055187b8d23e4baab37585f37af0b97
-
Filesize
90KB
MD5e7e0dc7ab267c28c94d99f041bb7c710
SHA136a1a21e079ec7c9dd934dc31afe2b4781f630d0
SHA25644763b03bc34e0b9eeb6cb5776473fb98550d650a0fa6bd6959efe8f92d6ea84
SHA512f5b3ff672e630edc92e16b4a9a94c970c4faa95192798643d02dcc34d0c2af3ffe0cbda31d1a70533e9a3cd00298a3ce17fd09204e56f683bd395ba2d0020178
-
Filesize
90KB
MD52512f367742a22cfd60a90edb547889b
SHA1a2d47ecaf3bf3f099e96a9987aa99c21a5bd2b5a
SHA256d47a6e8a8774eb0b53fb2579a0f3880f57da66640c3b3ff92229366700b90463
SHA512b10effc0ec0c93d5853385cb5bdd1c3028eaad8488560f09df96b8448802178148223239a1fd222dbe3ad136136ec2caa901fae4b7b38aa42cad425bea5e92af
-
Filesize
90KB
MD51c8a358f2f26491f76ffc19be1769cb5
SHA161388bdb7d5c61e339636f074350b810a3b6a81a
SHA2567be324d3607b7f775be44963230ccef95f2c52e3b5655fe8026e0a3073656ffb
SHA512116c3eb36702c39c08c9619d63d32d4fe40039fd5a2c7e6f6eb041aa903ce4d03643d83f157b9b64071dce68a92f249a28c70da3e823ca4c0e138db426db1f39
-
Filesize
90KB
MD55de6a5b8ea838b58e48d552a908bf0ac
SHA1257e37f2a779730101c9bc4b80ee8eefd2376874
SHA2561de18469c38f5cea263a310ff937ca8317a18955622150b19107fb33ea946724
SHA512e363c94099be04390c2d2a118bd34d01fcad3f96c9e969b5f534f29f15e10a92ed232df466122a56f2625bab129c146f2c3491c26b93b7447fe8c07ca1bb1733
-
Filesize
90KB
MD5276ef0d5a17073f522d3f021d030c20b
SHA10a143fe5ddac6ba884ba068a9aa323613eac265b
SHA256f56c10f7d22db6968d12e5cf8de4b8004890fd877b81380e11ca431653e61533
SHA512b4ec49d78ba0a1597e10db66a3d83b6a0c1a24d7acc51f6c1fcfd6b793446dc3cb33372a4852d4a970b06a7d0d6c7ed807031597d94f28763441d6aa47eb3fc3
-
Filesize
90KB
MD591664b0dfb0768ec3b6491926e48996e
SHA112cd28608f8e391a681f537b901eb9631155abea
SHA256d2ce89a3574b86b8ca4034e287a25118523b96c3ab391f3b1cb58be43c592ec1
SHA512310dee4a2ee29da225d520b0f7a404cadb49a33c1eb7e77e780395b2fb4390cc1446a9cfcebac70744cdfb3c12b9789c3cfc7f1fdb34d940a023dbbc4d508765
-
Filesize
90KB
MD5547cf556d6986a67f50981cc6e124610
SHA1b18b24aa994dad715318dfe5a83d7fc6cc520156
SHA256db8c211d966d8e13f9307df6b5478ffcbcc7f3862e62000b5b35ae20ede42383
SHA512c0e7f09cbb043710bfbab1989cde36786ba823ab2644e33b13cfa1a52c31eff1ab5cdcf6ff1e369416cbc5c73e3012ba8698491a153bd59f199a842c033112be
-
Filesize
90KB
MD530eaa7138bc356d675d64b326c6e8812
SHA1c3ab731afa57c6e95ea7373d9d8d387ae4c1a43f
SHA25659aba494f2d828517dd0901441f9fb39149f3dfd61936a91b0f3b8a26344f010
SHA5126c9ce842f805cefac2eb952baaa07a170858b0d9db2bda1d7e67e67217d28cd3ac50e28e4bf0ae31e1406a7eb203f4ea4b037b2f8ec0bba7f2f1d5e1dcbbfbdc
-
Filesize
876KB
-
Filesize
876KB