General
-
Target
320867c337db174c60200b23d21a16a0_NeikiAnalytics.exe
-
Size
146KB
-
Sample
240525-25jkzsdh9s
-
MD5
320867c337db174c60200b23d21a16a0
-
SHA1
49032d1539d5cb93d4bd0dbf28f40cf983c5e004
-
SHA256
1cf92536c3efe3af302b54ecd48cea8a301ce1a0b68a6c6231c7783aa4866a95
-
SHA512
8d171fc12e6c0d11babab2b0b3badfa677c269b41ba5087fb96c234ded97a4ee33a398b87745233fbd994d8d49d14e0a34faa16f8ad82c0574c6b91e72b9b7ba
-
SSDEEP
3072:tx6AHjYzaFXg+w17jsgS/jHagQg1dxiEVO:txzYzaFXi17jWO
Static task
static1
Behavioral task
behavioral1
Sample
320867c337db174c60200b23d21a16a0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
320867c337db174c60200b23d21a16a0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
320867c337db174c60200b23d21a16a0_NeikiAnalytics.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Drops file in Drivers directory
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix
ATT&CK v13
-
Persistence
Boot or Logon Autostart Execution (3)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (1)
-
Privilege Escalation
Boot or Logon Autostart Execution (3)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (1)
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
-
Defense Evasion
Modify Registry (9)
Hide Artifacts (2)
  Hidden Files and Directories (2)
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
Impair Defenses (1)
  Disable or Modify Tools (1)