Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-05-2024 22:38

General

  • Target

    221ebac6c213161c7835432767339f20_NeikiAnalytics.exe

  • Size

    29KB

  • MD5

    221ebac6c213161c7835432767339f20

  • SHA1

    9ef2ab2f9fa7b89ae6ddd71a893cd2ee712390a5

  • SHA256

    595348ff9e70c8ac790412a229fd71c91d905f97e80ec86ebb5357949446c4d8

  • SHA512

    1c1b363560f29874a5a7b3b04bbb69db31550f727966350e8d71e7c299327460688460c0254ba787b9375d7e115b34bfc0664687b99d1d593a93fa20cb5396ac

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/O:AEwVs+0jNDY1qi/q2

Malware Config

Signatures

  • Detected Microsoft Outlook phishing page
  • Executes dropped EXE 1 IoCs
  • UPX packed file 29 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
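The "UPX packed file" signature above is a static check on the PE section table. As an added example (editor's code, not the sandbox's signature logic), the following Python reads a PE image's section headers from raw bytes and reports the three tell-tales a reviewer looks for: section names beginning with UPX, a first section with zero raw size but a large virtual size (the in-memory range the UPX stub unpacks into), and the "UPX!" pack-header magic. The two images it inspects are constructed inside the block by a small fixture builder; neither is the analysed sample, and the section sizes are invented.

```python
import struct

SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, ...
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER)  # 40 bytes


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] for a PE image, or None if the bytes are not a PE file.

    Only the MZ stub, the PE signature, the COFF header and the section table are read, so a
    truncated or deliberately malformed header simply yields fewer sections rather than an exception.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return None
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]      # COFF SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                                 # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            break
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), vsize, rsize))
    return sections


def upx_indicators(data: bytes):
    """List the UPX tell-tales present in a PE image; an empty list means none were seen."""
    sections = pe_sections(data)
    if not sections:
        return []
    hits = []
    names = [s[0] for s in sections]
    if any(n.startswith("UPX") for n in names):
        hits.append("section names: " + ", ".join(names))
    # UPX0 occupies no bytes on disk but a large virtual range: it is where the stub unpacks to.
    first_name, first_vsize, first_rsize = sections[0]
    if first_rsize == 0 and first_vsize > 0:
        hits.append(f"first section {first_name!r} has SizeOfRawData=0 and VirtualSize=0x{first_vsize:x}")
    # The pack-header magic sits in the header page; it is trivial to strip, so weigh it least.
    if b"UPX!" in data[:4096]:
        hits.append("'UPX!' pack-header magic in the first page")
    return hits


def build_pe(layout, tail: bytes = b"") -> bytes:
    """Constructed test fixture: a minimal PE32 image with the given [(name, virtual_size, raw_size), ...]."""
    pe_off = 0x40
    dos_stub = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", pe_off)
    opt_size = 0xE0  # PE32 optional header size; contents are zeroed apart from the 0x10B magic
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    table = b"".join(
        struct.pack(SECTION_HEADER, name.encode().ljust(8, b"\x00"), vsize, 0x1000 * (i + 1), rsize,
                    0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(layout)
    )
    return dos_stub + b"PE\x00\x00" + coff + optional + table + tail


# Constructed inputs, not the analysed sample: the layout UPX leaves behind, and an ordinary image.
PACKED = build_pe([("UPX0", 0x10000, 0), ("UPX1", 0x3000, 0x3000), (".rsrc", 0x200, 0x200)], tail=b"UPX!")
PLAIN = build_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(image) or "no UPX indicators")
```

The section-layout check is the one worth keeping when the "UPX/modified UPX" wording applies: renamed sections or a stripped magic defeat the name and magic tests, but a packed image still needs an empty first section large enough to hold the unpacked code.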

Processes

  • C:\Users\Admin\AppData\Local\Temp\221ebac6c213161c7835432767339f20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\221ebac6c213161c7835432767339f20_NeikiAnalytics.exe"
    PID:2864 (depth 1, submitted sample)
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      PID:4768 (depth 2, child of PID:2864)
      • Executes dropped EXE
      • Adds Run key to start application
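The process tree above is the page's only behavioural chain: the submitted file writes C:\Windows\services.exe, both processes set a Run value, and the dropped file runs as a child of PID 2864. The legitimate services.exe lives in C:\Windows\System32, so a copy one directory up is a name-only masquerade. The Python below is an added example (editor's detection logic, not part of the sandbox report) that correlates Sysmon-style FileCreate, RegistryValueSet and ProcessCreate records into that chain and only reports a dropped executable once several independent indicators line up, so a Run value written by an ordinary installer does not fire on its own. The event records are constructed to mirror the tree; the SID and the benign "Updater" entry are invented, and the ATT&CK IDs (T1547.001, T1036.005) are the editor's mapping, since the page counts "2 TTPs" without naming them.

```python
import ntpath

# Sysmon event IDs used below
PROCESS_CREATE, FILE_CREATE, REGISTRY_VALUE_SET = 1, 11, 13

# Executables whose legitimate home is %SystemRoot%\System32; the same name anywhere else is a masquerade.
SYSTEM32_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "smss.exe"}
RUN_KEY_FRAGMENT = "\\microsoft\\windows\\currentversion\\run\\"

# Constructed Sysmon-style records mirroring the process tree above (the SID and the Updater entry are invented).
EVENTS = [
    {"EventID": PROCESS_CREATE, "ProcessId": 2864, "ParentProcessId": 1234,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\221ebac6c213161c7835432767339f20_NeikiAnalytics.exe"},
    {"EventID": FILE_CREATE, "ProcessId": 2864, "TargetFilename": r"C:\Windows\services.exe"},
    {"EventID": REGISTRY_VALUE_SET, "ProcessId": 2864,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\services",
     "Details": r"C:\Windows\services.exe"},
    {"EventID": PROCESS_CREATE, "ProcessId": 4768, "ParentProcessId": 2864, "Image": r"C:\Windows\services.exe"},
    {"EventID": REGISTRY_VALUE_SET, "ProcessId": 4768,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\services",
     "Details": r"C:\Windows\services.exe"},
    # Benign noise: an installer writing its own Run value from Program Files. A Run-key rule alone fires here.
    {"EventID": FILE_CREATE, "ProcessId": 900, "TargetFilename": r"C:\Program Files\Vendor\updater.exe"},
    {"EventID": REGISTRY_VALUE_SET, "ProcessId": 900,
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]


def evidence_for(path: str, writer: int, events) -> list:
    """Collect independent indicators that a dropped executable (lower-cased path) is used for persistence."""
    ev = []
    name, parent = ntpath.basename(path), ntpath.dirname(path)
    if parent == "c:\\windows" or parent.startswith("c:\\windows\\"):
        ev.append("written under the Windows directory")
    if name in SYSTEM32_BINARIES and parent != "c:\\windows\\system32":
        ev.append(f"T1036.005 {name} outside System32")
    setters = sorted({e["ProcessId"] for e in events
                      if e["EventID"] == REGISTRY_VALUE_SET
                      and RUN_KEY_FRAGMENT in e["TargetObject"].lower()
                      and e.get("Details", "").lower() == path})
    if setters:
        ev.append("T1547.001 Run value points at it, set by PID(s) " + ", ".join(map(str, setters)))
    for e in events:
        if e["EventID"] == PROCESS_CREATE and e["Image"].lower() == path and e["ParentProcessId"] == writer:
            ev.append(f"executed as PID {e['ProcessId']}, child of the writer PID {writer}")
    return ev


def correlate(events, min_evidence: int = 2) -> list:
    """Return one finding per dropped .exe that accumulates at least min_evidence independent indicators."""
    drops = {e["TargetFilename"].lower(): e["ProcessId"]
             for e in events
             if e["EventID"] == FILE_CREATE and e["TargetFilename"].lower().endswith(".exe")}
    findings = []
    for path, writer in drops.items():
        ev = evidence_for(path, writer, events)
        if len(ev) >= min_evidence:
            findings.append({"path": path, "writer": writer, "evidence": ev})
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f["path"], "written by PID", f["writer"])
        for line in f["evidence"]:
            print("   -", line)
```

Run against the constructed records, the dropped services.exe accumulates four indicators (Windows directory, System32 name outside System32, Run value set by both PIDs, execution as a child of the dropper) while the Program Files installer collects only its Run value and stays below the threshold.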

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DD719OCW\default[3].htm

    Filesize

    312B

    MD5

    c15952329e9cd008b41f979b6c76b9a2

    SHA1

    53c58cc742b5a0273df8d01ba2779a979c1ff967

    SHA256

    5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

    SHA512

    6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\searchK39EKWVV.htm

    Filesize

    114KB

    MD5

    963645ea87aad30392c097b78335471c

    SHA1

    a0ca776c06a7447546eb6ae6d4bb39861d770b8e

    SHA256

    fa63da0006abbacb4ebfe584d6d05ee9656ce52919c46edec23745327371059a

    SHA512

    e35d0b491b2a6c5b3821d334875c02e05fba88f4e3113671f5c1641b2cabfef5531948c9b2616894e3f7e459b5bdd2e7d9dc01514209fa554838fb9171368ea0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\search[3].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\default[1].htm

    Filesize

    312B

    MD5

    e5c2364375c0a8a786a9508a840b6299

    SHA1

    bec1874db0d2348274b6656d1383e262f73e2bc6

    SHA256

    51b67ae1066eb179562cf80a8a156bbd4b139b83072f610bf62c0b6d58ed17f3

    SHA512

    ee19a8fa40bc7e991ac289eb30ceec8264d6071f124e99791022961c99f25b97def4f13fa96149eb52786d1104d85d20410e65a333304c0df6ba858472a557d3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\results[1].htm

    Filesize

    1KB

    MD5

    ee4aed56584bf64c08683064e422b722

    SHA1

    45e5ba33f57c6848e84b66e7e856a6b60af6c4a8

    SHA256

    a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61

    SHA512

    058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\searchEV3MW23E.htm

    Filesize

    141KB

    MD5

    564fcbd5dec43107aee8eb1c7ca562a2

    SHA1

    6d55a030f66d6b345580a78de1bf2ab7388a117f

    SHA256

    dd7f605d91aae0df38964bc9fbdd93d07abafe1b903b5bb02c66df8ba8793ce5

    SHA512

    6974b2be551ed3e1a8c8bafabae7be80a0aff2c71ad6874c48da77f6f79c413498e792ba6a6d3d374f5b273f6d9b60c56f42419c4748f4cef5e7e755a66f31b0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\searchFJBBGJCO.htm

    Filesize

    124KB

    MD5

    194202545d8c0bbff84806aeb001714c

    SHA1

    8969ac6c87e239eda872fc8f835c6d8c28652045

    SHA256

    53bb754d2fb2e23885fafd73d21a2f501d9c29930b7c54a1b6411f94d977303c

    SHA512

    950bb9b13e1ed14d88277b9b3bd635e2b684c27da8cf9f24395e8fc81eb2d8b1c153c6cc1c70493110a6654c3c765e0a0d96a61de02bd3708ccd3d4f1acf6b99

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\searchQVOH7HS3.htm

    Filesize

    174KB

    MD5

    a94b97d73eb97be483c07edc96d76ed9

    SHA1

    bf95e0eb58adb5271904e0efccdd54ad21dce573

    SHA256

    f2d63cec8b3ae600e3c5dadf8562ca0dcd175dc1c470699ee27402d018af44ae

    SHA512

    d351858d5a6fa09362ac842c37dad9efdcbf18bbd3f4a6002a313ee12145d408803938cd07aa9ff877841293300b92d64af1e8a90d8e47bf91aa7a2364b94e50

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\KINJL14U.htm

    Filesize

    175KB

    MD5

    5fe01db3af375e85163921bcd438d8de

    SHA1

    79d1c47b38fc897c0d13fd4293e5a9e251ef985c

    SHA256

    86fdce01e7317be418aa9774124461674af0975592fa76ef198fa693c18a6997

    SHA512

    a2541fc4355fa383ec3d4da7e6447421a2d25a64dfab151889482d2816c8ae61af9c191a119d583d5a00dc4e1f8036cdbc415112cc426c24cebbc34373b6d056

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\results[3].htm

    Filesize

    1KB

    MD5

    211da0345fa466aa8dbde830c83c19f8

    SHA1

    779ece4d54a099274b2814a9780000ba49af1b81

    SHA256

    aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5

    SHA512

    37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\search6DGH4446.htm

    Filesize

    135KB

    MD5

    a3fb273eb70d5004c9a6e580873112ed

    SHA1

    079ac9000356708bc7fa5eb56c13010e7193c36a

    SHA256

    c8872b4f54743004b8a8a9b48951245ebf746a5eced8b02503b7c3478db46565

    SHA512

    12fe66f49903579477199221aeb1e1ccf423ece6732700dd8dcafb4c15fdd48af1fa9aaf916f2c46c1ba76fa29d761a675161cbba4df0eaad14c6a60b1a37234

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\searchI360G89P.htm

    Filesize

    167KB

    MD5

    e7c53534d813fe9390cf1ffcfde1776d

    SHA1

    aa390269c73b2707c0fd49d1f840041ab80b403c

    SHA256

    661667d69bf8b1978561a1358af85f5f814ba242594c9f49aa3446eb503219cd

    SHA512

    9e96da9ae5446019437e71f5a9e3f41dd636767ccebb18c76fe891f438fe3ebd0562c00648cd5bf347024fb85fb2a06d48d826d95d7ad75d26114c37b481a4e9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\searchU52MTNRL.htm

    Filesize

    153KB

    MD5

    896e9cd9c6203f8ea076b22fecfa9773

    SHA1

    f24a78da8055e814f08f4e1307d996603e8238e1

    SHA256

    e518b34a2aa93589f43b16339a73711c15cb09841ef6dffa069a3f529104b537

    SHA512

    ff782f43ca23854ef883fce40070f792215fded9d29b07a93dbd74b60bf6b8899e88870e01700ce8bb343422181698ee95b92dc1ed7ff078dd52c4be48ae0aa8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\searchWPKC330K.htm

    Filesize

    151KB

    MD5

    8732993a37b4b5534cf81eb2f53dbaba

    SHA1

    dbd664aa1f8d16363a6d4e25773d1a9d62d42e26

    SHA256

    8c1235c32a0e8ac72ed56f7ad349a86a46b7c94954660afca9b1dcfb9290cc46

    SHA512

    ff7615ddcf5e7363071f57a5c125dc458fbe575645b382ab8bd7abced1ef029cf3a3865eba3871c421e96759f906da511e33d12a3250666e931d440ebc34e910

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\searchX0ZCPOS1.htm

    Filesize

    112KB

    MD5

    7d7c5e9cc3334d18fe849038b0e87974

    SHA1

    1e38bb92d64e912c571f27e18f3816aedcbe9d35

    SHA256

    5869e5864d9244368ac3413ac6cca59d58d82097b4dd1401ac7d4bcea1f52d08

    SHA512

    c5a2a3b97b58bd29cbc296dc627e77d79964d2eb3c0055a43f5c51c816e7b1d79f4d8909dd9cd0ed6a6b43e1ba73b922d0062028f4e7d74a39cc7881466059fa

  • C:\Users\Admin\AppData\Local\Temp\tmp1AB9.tmp

    Filesize

    29KB

    MD5

    b06e6eef1d26b65ffb1cdc70e7245beb

    SHA1

    be4a6e3ca80ec0c3dc00c2fe5957dbb924508b8b

    SHA256

    a6d90eded967ec3590b20e1c6e5b710cb04b143c30566478cab4a3a333ab3177

    SHA512

    c7bd11e5022973d69fb92df72ff7e0829df19cf1aef4a25f56dfdcf2c9882ab5e68c1459713d48db4a6f6f4ae5909b8f626c50b29d083534693d2f432860d9a7

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    6c099dd3fe44e4ab2ac16be876626f01

    SHA1

    7894cdb6300136c511e8c3d5055d5e484dd447c7

    SHA256

    52a892b02dfe4cc710d76ffc7d9e7f72086b6519cd86f7217634b96e2313c97e

    SHA512

    953efc18c011ffd0b76efcd626b2888381a265a743c56b29aff05c7dc2db4d2721ca542d4f28eb69176d9a888317323c424614b07814fcd087c1e25c4c15fd29

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    ed02366e28a5c585e12ef705cd2b9984

    SHA1

    847bbbda4485028b1ada4b460f78d3a4093e5f78

    SHA256

    24ef5e9d0ab8751ae66977863b7140ce3ea775b5739d4064eb82790571ed17c2

    SHA512

    c72a1a13fd329f26b99a8bb57584317294bafcd7a3f787de444578861bfed25524b73126862d77f0d3ef9a991cb0a8f028151bbe811bd2c3cb4851b182e384f4

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    24cac1823b268c706f11b8132da2992e

    SHA1

    0f8dfae6f442a40417b99230c30a5769e23aba3e

    SHA256

    1f4e3e8e3dce15cade69629b7eedff46efbed5fe853498aeadc10220ccead9b8

    SHA512

    f0885d592618ab438a932f8ae8679f63633f95ba56bca8d21b6ac44315bc91657ad202c1e15ff2bf75fe39f237cf99a95772456076116f26f6a73385d0ac9c01

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    6969d00683ba4b4a21b52e431ecfc169

    SHA1

    a4a232d2432cb11d7f8d2f57192207ae071e34e6

    SHA256

    c21e030ec2328e6d2bec5815fea035121e174d157f5138a3ccce88b361ffaa6b

    SHA512

    2f940495276c7fa31c5429e556389595efed79e862cccbe6be8fd742ef6cba55088e6a90d8b0a971dbb14d1eb82a9a51b049f75c8fffc57d6bf5e68badde72f7

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/2864-81-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-181-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-245-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-648-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-249-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-13-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-193-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-501-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-334-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-25-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2864-183-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4768-189-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-502-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-82-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-369-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-184-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-194-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-182-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-14-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-250-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-6-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-246-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4768-649-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB
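Every file entry in the Downloads list carries MD5, SHA1, SHA256 and SHA512, which is what lets a responder tie a file recovered from a host back to this report. Two caveats when doing so: the sizes are rounded (8KB, 312B) and cannot serve as an exact check, and the last zincite.log entry has no Filesize because its digests are those of zero-byte input, i.e. the log was empty at that point. The Python below is an added example (editor's code, not tooling from the report) that fingerprints an artefact with the same four digests and classifies it against report entries, separately flagging the case where only some digests agree, which in practice means a miscopied entry in a shared IoC list. The services.exe and empty zincite.log entries are transcribed from the list above; the third entry is constructed with a deliberately wrong SHA256 to exercise that check, and the recovered artefact is a constructed empty file.

```python
import hashlib

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def fingerprint(data: bytes) -> dict:
    """The four digests the report lists for every artefact, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGESTS}


def match_ioc(data: bytes, ioc: dict) -> str:
    """Classify an artefact against one report entry using whichever digests the entry carries.

    'match'        every listed digest agrees
    'mismatch'     none agree: a different file
    'inconsistent' some agree, some do not: the entry was miscopied (a simultaneous collision across
                   independent hash functions is not a realistic explanation), so do not act on it as-is
    Report sizes are rounded, so size is deliberately not part of the comparison.
    """
    fp = fingerprint(data)
    checks = [fp[alg] == ioc[alg].lower() for alg in DIGESTS if alg in ioc]
    if checks and all(checks):
        return "match"
    if not any(checks):
        return "mismatch"
    return "inconsistent"


def triage(data: bytes, iocs) -> dict:
    """Map each entry's path to its classification for one recovered artefact."""
    return {ioc["path"]: match_ioc(data, ioc) for ioc in iocs}


# Two entries transcribed from the Downloads list above, plus one constructed entry with a miscopied SHA256.
REPORT_IOCS = [
    {"path": r"C:\Windows\services.exe",
     "md5": "b0fe74719b1b647e2056641931907f4a",
     "sha1": "e858c206d2d1542a79936cb00d85da853bfc95e2",
     "sha256": "bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c",
     "sha512": "9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\zincite.log",  # the entry with no Filesize: an empty file
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
    {"path": "constructed-miscopied-entry",  # not from the report: empty-file MD5 paired with a wrong SHA256
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha256": "0000000000000000000000000000000000000000000000000000000000000000"},
]

# Constructed artefact: the zero-byte zincite.log a responder might pull from %TEMP%.
RECOVERED_EMPTY_LOG = b""

if __name__ == "__main__":
    for path, verdict in triage(RECOVERED_EMPTY_LOG, REPORT_IOCS).items():
        print(f"{verdict:12} {path}")
```

Against the empty artefact the zincite.log entry matches on all four digests, services.exe is a clean mismatch, and the miscopied entry comes back inconsistent rather than being silently counted as either a hit or a miss.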