General
-
Target
320867c337db174c60200b23d21a16a0_NeikiAnalytics.exe
-
Size
146KB
-
Sample
240525-25jkzsdh9s
-
MD5
320867c337db174c60200b23d21a16a0
-
SHA1
49032d1539d5cb93d4bd0dbf28f40cf983c5e004
-
SHA256
1cf92536c3efe3af302b54ecd48cea8a301ce1a0b68a6c6231c7783aa4866a95
-
SHA512
8d171fc12e6c0d11babab2b0b3badfa677c269b41ba5087fb96c234ded97a4ee33a398b87745233fbd994d8d49d14e0a34faa16f8ad82c0574c6b91e72b9b7ba
-
SSDEEP
3072:tx6AHjYzaFXg+w17jsgS/jHagQg1dxiEVO:txzYzaFXi17jWO
Static task
static1
Behavioral task
behavioral1
Sample
320867c337db174c60200b23d21a16a0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
320867c337db174c60200b23d21a16a0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
320867c337db174c60200b23d21a16a0_NeikiAnalytics.exe
-
Size
146KB
-
MD5
320867c337db174c60200b23d21a16a0
-
SHA1
49032d1539d5cb93d4bd0dbf28f40cf983c5e004
-
SHA256
1cf92536c3efe3af302b54ecd48cea8a301ce1a0b68a6c6231c7783aa4866a95
-
SHA512
8d171fc12e6c0d11babab2b0b3badfa677c269b41ba5087fb96c234ded97a4ee33a398b87745233fbd994d8d49d14e0a34faa16f8ad82c0574c6b91e72b9b7ba
-
SSDEEP
3072:tx6AHjYzaFXg+w17jsgS/jHagQg1dxiEVO:txzYzaFXi17jWO
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Drops file in Drivers directory
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
9