Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 03:17

General

  • Target

    5a4f682610a95f7168075b335e8686b0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    5a4f682610a95f7168075b335e8686b0

  • SHA1

    8fb0b6b840dbcc54cd191ddb21caec280161d93a

  • SHA256

    f0b1a3da5db0f9783fa7b583eb8b32450028fc4216b3cd107367ec3d8c714460

  • SHA512

    74f6f6e67c15e403dbfc6abd8f3e0c4208e1e81c0dec820b0ab9cf17f32688d932abce583654feda85e0bb6eba8d749651a1cdc945cb02702b21e4784ac7d10f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBX9w4Sx:+R0pI/IQlUoMPdmpSp34

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a4f682610a95f7168075b335e8686b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a4f682610a95f7168075b335e8686b0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\UserDotLO\adobec.exe
      C:\UserDotLO\adobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2944

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\LabZX1\bodasys.exe

          Filesize

          2.7MB

          MD5

          563fb2603ff748c39b99d00d5cafda17

          SHA1

          d39da2bcb40eaa19a775f4a81b349c731cdd0161

          SHA256

          2b65882c8a589c99bd7efe83c08bdc4eedd84570d102876388fb8428ff8c6d5b

          SHA512

          803086526ba0b182f700dd63e9ce02d3d31da3ac781e37867a44168ca2f569538c58747d0c0eddfcdbb4128beffc665b005557aadeba9f6468e0e028298b1dae

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          200B

          MD5

          0a7a707d2d178c6d82c4fb8e029925d5

          SHA1

          049a81d69e40b207c4dfcdcc8fb1d7750c72f1b9

          SHA256

          d19a1e51214538187c712bdbfeb0345a88ec7ed5f0f0d7ea46bcf2ca4b06840d

          SHA512

          71754b24c86c2f077a1f0f1aa9cc90f814486d9d67e3c364caa42ccbb0b7f017ff4e69f6fd994fdc2aad1a3b44699c7066dfc87382ae44c632775e2b6a94cc52

        • \UserDotLO\adobec.exe

          Filesize

          2.7MB

          MD5

          b5c6fd7d2c0a09a7032ad55ed05bc8ec

          SHA1

          c77bab7052262ceb9b8473a88fc6f65f27116754

          SHA256

          c7cca1f5c1cf1851378baa6f60c543f5b93a9afb7508fe4b2a7bb6d393d400af

          SHA512

          7901456a6626577c20564d602395dcf4a8423ab806b0ebd0bc5b37af44fcf14eafbf35ad117f1ba5e3dd61df3befa2801fdc17f9ed3a58fc586b628d91abb8d4