a24fd876ba53bd2f4d4dd52d72484ed8b17f7b96f3ddda602fbc7b09e310f99c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
Size

2.7MB
MD5

51dac56d899cab8bf86653bb7b439e50
SHA1

3bbd4e2e8d5efaf20acf5d619eefb889ced14735
SHA256

a24fd876ba53bd2f4d4dd52d72484ed8b17f7b96f3ddda602fbc7b09e310f99c
SHA512

00f70b9dafc5a091505fc41c16a67fb8f439ec21550339060db7b2fdd0d9848ad57fe4e22fb2b185615b089c3f108a48773270d35c140c7c4a7c308507395d97
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpn4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3200	aoptisys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesND\\aoptisys.exe"	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBMV\\bodaloc.exe"	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
3200	aoptisys.exe
3200	aoptisys.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 3200	4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe	86
PID 4352 wrote to memory of 3200	4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe	86
PID 4352 wrote to memory of 3200	4352	51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe	86

C:\Users\Admin\AppData\Local\Temp\51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\51dac56d899cab8bf86653bb7b439e50_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4352
- C:\FilesND\aoptisys.exe
  C:\FilesND\aoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FilesND\aoptisys.exe

Filesize
2.7MB

MD5
b8dce258426f2c6ef3a2accd02d5b77c

SHA1
65b865229481559707c368fe77a863e84e3a7f21

SHA256
1fa84023f8d123227a70395ccde60138994adc893986370131d2ef1e51edddf5

SHA512
3b8e7eac0b57cf9e5714edb5a150e34c6b7c654eae3e679ec7fb0479eadc0a3cf670716578b865ce7b625d2050d51bdc3a2fb8b911e1e1bf79c9d62f7f090fe5

Download Submit
C:\KaVBMV\bodaloc.exe

Filesize
2.7MB

MD5
b6e9a468f2a20aaf54fb315093c3ed2e

SHA1
580e907006b8907500e5318db20a7643a583b170

SHA256
d5769a6928a2db12c43c91e12b693e952b594379d600c414a29d49d0b1a03e94

SHA512
6c39922570c25b228cec896f80f8d340aa8596a71cd6f3bf4698b1ab45f3c33b324e44a778612c9ea6659a452ee0c246f8530dfdd91714bba048972755b1517f

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
190B

MD5
5c08a42bf316d93b54a9d18b800ed655

SHA1
02df52f88f1ba5c637cf07d660028ef9370b2ffa

SHA256
89ee3fe77c525e2b9c1c0ad81f0b6359e418f43b9940ba979cce6ad6d120ac1e

SHA512
21042596caf0868fe19da30023213e57a6d8287d197227508b08b0411bc02147c150415deb5d658139b2c0eb469688aa75a01c7e28e155c15ac0cba6e3973d90

Download Submit