5282eeee6c03e653a31c2535eb48e38bc35ed6345e85f4fd168b69a0484a63be

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
Size

4.1MB
MD5

8b6ce04d697da977035528add36d9900
SHA1

fb859573df0fccf08d044b45f5480a531d5b4c42
SHA256

5282eeee6c03e653a31c2535eb48e38bc35ed6345e85f4fd168b69a0484a63be
SHA512

7d939012e9695009a9a59c84d87e49bea77a1d2af771bd4ea21698b3d81488cd0d8a0b1373475e649fe2ca71a72423a81a99ab4ebfffefbbf026024f35ca1cc4
SSDEEP

98304:+R0pI/IQlUoMPdmpSpq4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm55n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2688	abodloc.exe

Loads dropped DLL 1 IoCs

pid	Process
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesKC\\abodloc.exe"	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB4Z\\dobaec.exe"	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
2688	abodloc.exe
2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2688	2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe	28
PID 2216 wrote to memory of 2688	2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe	28
PID 2216 wrote to memory of 2688	2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe	28
PID 2216 wrote to memory of 2688	2216	8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8b6ce04d697da977035528add36d9900_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2216
- C:\FilesKC\abodloc.exe
  C:\FilesKC\abodloc.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\KaVB4Z\dobaec.exe

Filesize
4.1MB

MD5
291c1234a42417a0e2162cdddde92548

SHA1
701de0983fae402619225edcaefb202429e46d31

SHA256
b24f97c1ec262594998aa2e91b864cf03a44afa94d64e65294009b7cbe1ced7a

SHA512
1a5d5207beec3605d4547022aff2548f0e0fafb9f8e6472313dc6f68d3e57d0140d0c06d7be20af8389536955d524a26efb915889b9f8ae19b7893fd896cb903

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
198B

MD5
b5bf4ad2395acc748fde2f2459bf44c1

SHA1
725c33dddc4c0a18bd7290b0883df3f27bbcfc39

SHA256
7c76940413cc7ffcb2725dcf4288e44929dbfaa7db458e303b43cc3c3acf83bb

SHA512
cd1f5db11ae7ddcf89806bc2c3f2d63e20bd4dccd8a312e9d588eceb577d2318b8ba8b658409b352a230137b3ead1231d5e050580b88b7ec3e45d68d3da5285a

Download Submit
\FilesKC\abodloc.exe

Filesize
4.1MB

MD5
c7ac32fdf3db819376bd6a1e8975ef91

SHA1
c1edd6dec443ffc16d12e8f1ffe65f0b8cd3d047

SHA256
56192f5f191de8a3524fcc15f8c60cd4340ca9553741f248c70b2d3314f7c881

SHA512
dc4fa38268a37443649b9bbeabcce23eb30675f4e8c60ba75109ed3fcce4474504a8c553956b18ea745b5c343012b37dcc89c868a65c87061186c2afd9acae9c

Download Submit