920552b911beb245c8e7cc23ca77d4934383b7a1553ae8f2ece9940f41052423

Analysis

max time kernel
149s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
Size

4.1MB
MD5

f6210b7712a525df09bfb755f53e6b00
SHA1

a0aedda897c7a4d31d4ee65debe68af99107488b
SHA256

920552b911beb245c8e7cc23ca77d4934383b7a1553ae8f2ece9940f41052423
SHA512

864758b7499a6ef2eb3b43424af928709d685dcc1fbf520a83fbfaa30a98ca5f6b76814d94460d1f24b58aa8f601a490db8daa4a8ef279843c2da1bf84d1c5a0
SSDEEP

98304:+R0pI/IQlUoMPdmpSp84ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm35n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2712	xdobloc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintTF\\boddevloc.exe"	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrv9R\\xdobloc.exe"	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2712	xdobloc.exe
2712	xdobloc.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2712	2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe	88
PID 2896 wrote to memory of 2712	2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe	88
PID 2896 wrote to memory of 2712	2896	f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe	88

C:\Users\Admin\AppData\Local\Temp\f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f6210b7712a525df09bfb755f53e6b00_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2896
- C:\SysDrv9R\xdobloc.exe
  C:\SysDrv9R\xdobloc.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MintTF\boddevloc.exe

Filesize
4.1MB

MD5
0991fadd568b4f9e36997f929ac40f0f

SHA1
a35e4a177cecb76b0cadba189093693bb81b47a3

SHA256
0958fe24986ca1ac076c21ded4cde983bb250c1bd29fa72c9f8ebec5bfd9d7ee

SHA512
207c929ae9f0b06aebb78636c584a26efa6788b31230b7ca9f68aeb5f3e959d0e5a9d8fde51806e1a3ea268f0ce2f9b7cb3a28040eec45f46f00c4b37320643d

Download Submit
C:\SysDrv9R\xdobloc.exe

Filesize
4.1MB

MD5
d3a832100578d310904604e544223ae4

SHA1
902b7e3e8b9d2f0bf7cb6b50fde20b5c7fb4d306

SHA256
c4af54d65c6f7a32550febbe967eae87d16f59bf5d2a6cf804d88312d02ca30b

SHA512
91c9c11f3051938302be9ce4c77b7da70998b29d7183139c7daa5492123ea059f7ecdbf860d5840aca04fa142a2c2ab7d92811cb0c65ef6dbfc5dfe1eae3456b

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
204B

MD5
49ba33039a449ff47e4a38b20e55ecf4

SHA1
c0f83167e2c87ce62beb681016ceeeca5b71e0c4

SHA256
2bc98b797ac2bc4abc69bac7e954a3d153f621db3e69a46dbdf9b77f2120b1b2

SHA512
9c22776dec483bec81209043e440f9e0dca74fe246d85ea2008ce882d96c43f199ce804fd741f0248c596af6778aed1c8210a40387fae1fa1e360209832d0184

Download Submit