649fec27603e46a694b334479b7fc1643bfe36a3866e8351109ef5c5c307926b

Analysis

max time kernel
149s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7685ebe74e80f28a6314ebf30309feb0_NeikiAnalytics.exe
Size

408KB
MD5

7685ebe74e80f28a6314ebf30309feb0
SHA1

750975a3f6a01e0b106acee3ac4ca112e58eef25
SHA256

649fec27603e46a694b334479b7fc1643bfe36a3866e8351109ef5c5c307926b
SHA512

3941ef1a811022752a6357d3440e4ce3763fd78ac7132d15ac26407971a1108b19e90ffde08574cd74d26ed9a713c819b9b23230770bf3f0de60941b87b32104
SSDEEP

12288:4jauDReWsJBeKDs3QDpxVRwEoZpzEAof/LXx:4DDmBeKDNDp3RwEUpIV/Lh

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3320	fethji.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\fethji.exe"	fethji.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 3320	2720	7685ebe74e80f28a6314ebf30309feb0_NeikiAnalytics.exe	84
PID 2720 wrote to memory of 3320	2720	7685ebe74e80f28a6314ebf30309feb0_NeikiAnalytics.exe	84
PID 2720 wrote to memory of 3320	2720	7685ebe74e80f28a6314ebf30309feb0_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\7685ebe74e80f28a6314ebf30309feb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7685ebe74e80f28a6314ebf30309feb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2720
- C:\ProgramData\fethji.exe
  "C:\ProgramData\fethji.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
408KB

MD5
d865cda8be5156b74458e67e46aaf827

SHA1
77f62d931c37a734c388b8307dc90e6ee92234fc

SHA256
1ca91538999640e038e97d5e608c85895e994e3ce4698d3da9ed1b8ecb16d299

SHA512
b23d97f2b48056a7c57902917abe40d99b8d3bd382a17ac40cd205acc943cd9d88432fba45ab2d7b9857369c61f2010a64d3eb744a79027fc10254792efc3697

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
cb4c442a26bb46671c638c794bf535af

SHA1
8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

SHA256
f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

SHA512
074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

Download Submit
C:\ProgramData\fethji.exe

Filesize
271KB

MD5
2270635d9ebb52e65f71fb6873075387

SHA1
ca5a824bb8c9ce4ce55456025ac5c8dbdf1be6c0

SHA256
0b22179d7c24a075a1518959e2ae1af39e8a245ff723bb32a7db424bf69c5352

SHA512
3aa23470a928c079aba5ab96cb5829c7f2c5a472cc4850b4ed3ae7b31d3c31272a7c55a3aa71cc6b533af4245a5357adac17a6d89957b707234e89ea073c0f20

Download Submit
memory/2720-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2720-1-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2720-9-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/3320-130-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads