Analysis
- max time kernel: 149s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/05/2024, 22:34
Static task: static1
Behavioral task: behavioral1
- Sample: 2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe
- Size: 4.1MB
- MD5: 2bda6f879f2964c536c55f536693eda0
- SHA1: f757cd75f33a68312a12451d067028ad593eaa88
- SHA256: 267bff7fee12fa558acb527d3f443e6430c2d7de464200c6ea910ddfd2dfd08b
- SHA512: a5dfc1e2f5aa37b031952378c70bd8930bafff2eb901133c13e2afa9e1c954fea002769616f3e9145428be83402402058c826f58b55a4736e616475947439688
- SSDEEP: 98304:+R0pI/IQlUoMPdmpSpb4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmA5n9klRKN41v
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  4944  aoptiec.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description      ioc                                                                                                                                    Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvSQ\\aoptiec.exe"       2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB08\\optidevec.exe"   2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs; every one of the 64 entries is one of the two pid/process pairs below)
  pid   Process
  4392  2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe
  4944  aoptiec.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                               procid_target
  PID 4392 wrote to memory of 4944   4392  2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe   95
  PID 4392 wrote to memory of 4944   4392  2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe   95
  PID 4392 wrote to memory of 4944   4392  2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe   95
Processes
- C:\Users\Admin\AppData\Local\Temp\2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe (PID 4392)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2bda6f879f2964c536c55f536693eda0_NeikiAnalytics.exe"
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\SysDrvSQ\aoptiec.exe (PID 4944, child of 4392)
    Command line: C:\SysDrvSQ\aoptiec.exe
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4940)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4604,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=1300 /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads