4f780492c9a8a825f7c259aae31d0a9f00b435d7f87e297390c8386c63f32769

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe
Size

2.2MB
MD5

080d1485cfbd03b271340e725881da60
SHA1

2806467db3e45e071dd66ef2bf9f1307cd349399
SHA256

4f780492c9a8a825f7c259aae31d0a9f00b435d7f87e297390c8386c63f32769
SHA512

34c57614e5255355fae7bf73e71a2c6266c2b2d6fbd02c7d4fabe61b7af2e2054b8d4b799aa42917d21ba0eb39dc77b1e324b91f82c42f21925432aa62b90ae9
SSDEEP

24576:n2dJqwaZs9a8fbKmIwlDSIerahovRCVCWWO0BubzQ0Rj3jtK+a++K+jNd1RzVCEL:n7n7pNXheQc3Fg7g3vYXg

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe

description ioc process

File opened for modification \??\PhysicalDrive0 080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe

description	pid	process
Token: SeDebugPrivilege	4272	080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe
Token: SeDebugPrivilege	4272	080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe

pid	process
4272	080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe
4272	080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe
4272	080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4272

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e574934.tmp
Filesize
1.6MB

MD5
4f3387277ccbd6d1f21ac5c07fe4ca68

SHA1
e16506f662dc92023bf82def1d621497c8ab5890

SHA256
767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

SHA512
9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

Download Submit
C:\Users\Admin\AppData\Local\Temp\e574954.tmp
Filesize
1.6MB

MD5
5870ea0d6ba8dd6e2008466bdd00e0f4

SHA1
d41bf60d0dedff90e3cfc1b41b7e1a73df39a7d5

SHA256
5a7dac8c8b5d7cf1115246dfaf994e7f50e16a7eac1488642396f5e23fddfe0d

SHA512
0c620d5e7383adcf979feccc3b1bad584a5cec8b3d74d0ace8bb786f1f04ba87fa70d59d041dc3833977d44a75f2070181d4054c7c0b9c4ce2d66249b4b3c837

Download Submit
C:\Users\Admin\AppData\Local\Temp\e574955.tmp
Filesize
137KB

MD5
f6b847a54cfb804a25b8842b45fd1d50

SHA1
bb22fef07ce1577c8a7fa057d8cf05502c013bfc

SHA256
5dd2f5a957946e0b6f63660ebd897851aad4795d4c847396c47ddbb647715583

SHA512
dd08a55f538e2a33e6a0c496dc97ae9045594cbbf62f7894ae8ded63f4dc0b2e89c5935269adfd1c19607b1d2474bddc49f6acb955e6dc53a55560663ca2137a

Download Submit
C:\Users\Admin\Favorites\Íâ¹Ò×÷·»¹Ù·½Õ¾ [www.zuowg.com].url
Filesize
110B

MD5
f9fc3e4f710ea6068eccca29ed784970

SHA1
eb6f961e7102e3aef227b204ff4dd9563f745812

SHA256
1c12badabe490d7c3d63bb0187965344ce0ed923eab707e446900a9b98913fcb

SHA512
b2d0db7a2c4b4d4e53a8daf2caff6a0ea826133038380e5dcf8c6493417f2884ecd61f047798189a3cff13cca3b9dbe99e5a501ce5de10488b2a337389b019ed

Download Submit
C:\Users\Admin\Favorites\Íâ¹Ò×÷·»×ÊÔ´Õ¾ [42724920.ys168.com].url
Filesize
115B

MD5
514d1b59ae8925c5edea3c446ce588dd

SHA1
60dd675b65c7ffaac6ca731dba265a6f316a6f75

SHA256
6bbfe9e113e075b646ae49400657b8bb20cbab06854b38bf007ac6e15cd7b773

SHA512
5bf3d0f1715b445852ad184907d2161967d51cb8fe9673330438d8705502bc63e263222c43839140c613a427b0b58b297e522b3953c2543453625e01b8017253

Download Submit