Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/05/2024, 22:34

General

  • Target
    2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe
  • Size
    4.1MB
  • MD5
    2bda6f879f2964c536c55f536693eda0
  • SHA1
    f757cd75f33a68312a12451d067028ad593eaa88
  • SHA256
    267bff7fee12fa558acb527d3f443e6430c2d7de464200c6ea910ddfd2dfd08b
  • SHA512
    a5dfc1e2f5aa37b031952378c70bd8930bafff2eb901133c13e2afa9e1c954fea002769616f3e9145428be83402402058c826f58b55a4736e616475947439688
  • SSDEEP
    98304:+R0pI/IQlUoMPdmpSpb4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmA5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\SysDrvSQ\aoptiec.exe
      C:\SysDrvSQ\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4944
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4604,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=1300 /prefetch:8
    1⤵
    PID:4940

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVB08\optidevec.exe
    Filesize: 35KB
    MD5: 089bc2e72680dc4da7e030614895e540
    SHA1: 0074646aa2e42c3cd8daf8a53228227c4cd2daf4
    SHA256: 94714ca7345be3c4fa76119feea57701a76358727dbbcaa80d9a56a56be651ef
    SHA512: 690b2b2f94d7f46fae8a08d6892177c04ab5dc87e9b1cd1c90765c7490c0d7e6bf583d98c892be6c2eb4097db20dc8d5aafce8d4283e9085905768ebbaee8f9e

  • C:\KaVB08\optidevec.exe
    Filesize: 4.1MB
    MD5: be91b87e04bcec5076f52ce6cdfd9d7d
    SHA1: 1e13bfc13d7b37c7d6a45b42fd04422bd5f5c537
    SHA256: f38b445b029781565af2fa8e63bbf3bd81c087d766fabaf21d0286eebaeac2bd
    SHA512: 9ade6a04ad9ecc473bb0d92f05b9fb1ad3e71b0b73b087fa534a7a34262df671de1046ba4b03aea3053a74f4e0b5336a579d3fd92e1440cdd7d49d8d7ab125c1

  • C:\SysDrvSQ\aoptiec.exe
    Filesize: 4.1MB
    MD5: eab03c7e00bbb3f6c4868faf05d7d23c
    SHA1: a1a9b69e80c4dbcb06bd595665c167d2c9f6f83b
    SHA256: 07312b5bb3c77f44a477e14a6e8af7de34bee6b7c41b90c222624fb5fc5bc2a6
    SHA512: 23354bc6e6956790bb094882820c8d79ed8bfbb3914a3db7128e68d6653b1e1c9b092b30f4f590a4e31c8859ee11073d5bfda0be75de84a1707a5550bfee0c01

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 206B
    MD5: 7833648b288c2de2d695c090b404d9f4
    SHA1: 248fbe420211bda1b01740e5dd740ee7264f9a4d
    SHA256: b55ea0c9c51f9ba6fffad9b465f0a1f8aa31a7805218b045bf98bab41a65ee27
    SHA512: a79db04ed7c7db97bab2b3580db2cd95deadd8f59f3d3de52b1ce5dd3f47a63acc9cfefc788ebbcc742df83239a388d0e6d7c4b2dee2308a1fe05fb60a65e5dc