886b134d679ed1055d51571f6e16d02948c8fd80a6c2561a0a7e01c69838df60

Analysis

max time kernel
34s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1931de40f2280fb96c7c4c455c1ec330_NeikiAnalytics.exe
Size

2.5MB
MD5

1931de40f2280fb96c7c4c455c1ec330
SHA1

a0e4940df54e758b6efb12e22937d210ec250745
SHA256

886b134d679ed1055d51571f6e16d02948c8fd80a6c2561a0a7e01c69838df60
SHA512

1f471bec05748cc47792fce19b3060fb9d1546496507c615dbe49939cb29087fe3f41d0783848e10dee3902fac252617d6c647c70dc68b95e1b0c828bcfc7fe7
SSDEEP

24576:FNMaYe3npi63ij3npi63iy3npi63ig3npi63i+3npi63iV:FNM9eXpiMaXpiMvXpiMBXpiMDXpiMq

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe You_are_a_wanker.exe"	1931de40f2280fb96c7c4c455c1ec330_NeikiAnalytics.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\You_are_a_wanker.exe	1931de40f2280fb96c7c4c455c1ec330_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\You_are_a_wanker.exe	1931de40f2280fb96c7c4c455c1ec330_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1931de40f2280fb96c7c4c455c1ec330_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1931de40f2280fb96c7c4c455c1ec330_NeikiAnalytics.exe"
1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ballelong.bat-

Filesize
2.5MB

MD5
5457dadc495e2969523c3bbe1ff1941b

SHA1
ad89a6d58ed171f52152e1c2b3f31b4ab2210547

SHA256
7ea0b4a877c5b6387b147176863f72710714c30d0c13abf9c2c2eb378be24334

SHA512
f9806fbe350e7942b3bdffa2b558e251eface66a6be60065dd27e48145a30da30dae4ec0d882581c6dc67d6edbb46e7cafcbc0367a1b839fedafbfa746e14a00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads