72f2bb07bdc5e6f1c85bac3c1b145bc2c7f44d775f8dc3ea80c9959e8dbcab2b

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe
Size

29KB
MD5

acff92d059c406aab36c6dc7ec34e490
SHA1

bb49f9902220fe34552085687049b18c482f3a70
SHA256

72f2bb07bdc5e6f1c85bac3c1b145bc2c7f44d775f8dc3ea80c9959e8dbcab2b
SHA512

4680d6dc5eb6b0a88e8fa3029368dd9cda144e05da5b47b9fa68e6852e01e5881296b775806936f75c6c2b2bc0e0516b56fe6026a2b1ceed5038e05eeeabe58c
SSDEEP

768:VqPJtMA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EwhSahGCo4:VqsA6C1VqaqhtgVRNToV7TtRu8rM0wY+

Score

7^/10

persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2392	microsofthelp.exe

Executes dropped EXE 1 IoCs

pid	Process
2392	microsofthelp.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\microsofthelp = "C:\\Windows\\microsofthelp.exe"	acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\microsofthelp.exe	acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2392	2220	acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe	28
PID 2220 wrote to memory of 2392	2220	acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe	28
PID 2220 wrote to memory of 2392	2220	acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe	28
PID 2220 wrote to memory of 2392	2220	acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\acff92d059c406aab36c6dc7ec34e490_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\microsofthelp.exe
  "C:\Windows\microsofthelp.exe"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\microsofthelp.exe

Filesize
29KB

MD5
422f5b79fe28557da8b7081c22f15da4

SHA1
251e03fa1686f3392daac2632e3bc7b60e30c946

SHA256
8eacd04bb43f98b9fe3333789121e359e35ad0fba508e75a61c7bc313da87d84

SHA512
2461c9e9bbcc918c55cb087e486c0a914f77b8aebfbb3e5031e03450cc8e6b86c656ef601844af005514bb0eb00e30b8e86bd31aa840d07d4a2a7cf43828a504

Download Submit
memory/2220-0-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2220-3-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/2392-8-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads