Overview

overview

7

Static

static

3

5f70c69633...cs.exe

windows7-x64

7

5f70c69633...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 03:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f70c69633be4f8692c2875828cbedb0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    5f70c69633be4f8692c2875828cbedb0

  • SHA1

    f32aea5a22afe6608ff3f4600811f221915faa6f

  • SHA256

    28f021005f328ca56d93036ee130d8226a849872afe3652d45939979abfde7c8

  • SHA512

    0072a023a8bcd679406a4e373f31becd2c35d48ec6f36279a5c7581191c5b54bce1c149fec1702364183c71a1808bedda1c981695549d5ab8fdcf171e4fef4b3

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpn4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f70c69633be4f8692c2875828cbedb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5f70c69633be4f8692c2875828cbedb0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Files19\abodloc.exe
      C:\Files19\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1868
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4256 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3512

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Files19\abodloc.exe
      Filesize

      2.7MB

      MD5

      1453e2f4230c9f0c145110a49c1ccb8a

      SHA1

      8ba745611f544142d8e0d71b79f9542c853cf7fe

      SHA256

      25eb046ed4aa79da6f5fc62b0beaa99041a82cd4fdaef7399d92e06a0e3f93a5

      SHA512

      5a7d15bc0f81092a71c7b700118e1e8b36e144f0b2a300babee417da3b023c7a3cee668b54cba9ba635324fe4d2c1f765dbd8b7b8cc3da3325e6fafa0f3c61a4

      Download Submit

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      201B

      MD5

      e13f610d8a1f6a89018b1561feddcdb6

      SHA1

      c37a2aa50683f16a7d7f81333434b2c341d542ca

      SHA256

      cfa83d9256d485b22fe20dd1d94938d5e35481e84b282a1fbe8da3df3895e535

      SHA512

      0dd69e3e5312c456fb0fa168c03a7297145a770d4d545c980b921625b1db49b531c653d3bf730cb7cd69f82886647740331bbcf7ab5065bccf149f64da633a23

      Download Submit

    • C:\VidY1\boddevloc.exe
      Filesize

      308KB

      MD5

      4b09d06dffadbfa3b3bb2a6796bc7571

      SHA1

      1a32ab997e6198454dae53221ef3759ac0374cba

      SHA256

      bdd2057f417d9687f4af48907f3194e7f86ed56a10f755fdb2b66aa71d8c71cb

      SHA512

      9b7757942bdff2f3a7b3fd35747e33671d14efa5f8d6233d156444ed126fb4e3dc21a12fdabd3e23ae971d4a4affce48f57671662113eb9ffb58d931aa72502f

      Download Submit

    • C:\VidY1\boddevloc.exe
      Filesize

      2.7MB

      MD5

      4be6c44b6a008be80afd8d388ea4f904

      SHA1

      bf30d7d470e58823d230602de3042bd6105746bc

      SHA256

      254adb24d89ed653fa5224945dda7282456ecc4d797c686a3c6f7ca93ee62fd9

      SHA512

      d41537fbd568cc4236df920b4da278102498aebb0b6a552b74260598171b7e03dfa00ceffa5d54e1b73a9314c427bffa501a7d0a0055df69cd85cec80971e56f

      Download Submit