7db61eedc512dcc3d726a171debf6d14d6feebac562d86ad8a3c634a96452925

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 23:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
Size

2.7MB
MD5

2748d423314876f9cebbadacc1360930
SHA1

c6941c346b8b4cb362b231f073b5763852995d74
SHA256

7db61eedc512dcc3d726a171debf6d14d6feebac562d86ad8a3c634a96452925
SHA512

e37d5d0c3d8bc6512ba80d73403ac2d1e2125120b22f78ac1b39cee2529844f0319a4f01a3156673703fc357750048e6c22893f34925d0eea566c68138397362
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBj9w4Sx:+R0pI/IQlUoMPdmpSpr4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3664	adobec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotBV\\adobec.exe"	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintDI\\optixec.exe"	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
3664	adobec.exe
3664	adobec.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 3664	2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe	84
PID 2276 wrote to memory of 3664	2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe	84
PID 2276 wrote to memory of 3664	2276	2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2276
- C:\UserDotBV\adobec.exe
  C:\UserDotBV\adobec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MintDI\optixec.exe

Filesize
2.7MB

MD5
a7e730bcc84c73e38956bcca3e7b22c7

SHA1
2779e7e0f169821f6de30215721aa1a6e0fb3672

SHA256
a9fb232a7e744d8b7a07a87f8b4397b22fb843c3aa2dbd9829370696d974094f

SHA512
aad3b02de0401717c947d704eda397375268974a613036fd2be2e90b7bfe32690eccc083546d685a2abf8bc58e30594574483a0827c2fdbf04a65d50f6fe1cd3

Download Submit
C:\UserDotBV\adobec.exe

Filesize
2.7MB

MD5
167781db59ac20a85fa5fad0a74c4514

SHA1
9e1e66d4f1e4933cb86d675a10cd5a70777b9675

SHA256
586eb9c62e880f380673090f8625082dce5915f1a8f4b83f1f91ee72389cba6d

SHA512
b6f116d2432a13e11fb16edaafa83352196e9997b06d7c05d511f43ad02e9ab7047579fbf3a0fc556ab326646d3b3f89996cbecb66b8892577a147a94e0eefa6

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
203B

MD5
948c5b7e7c0de1f1cfacd70375e9b3bb

SHA1
3e64f7d752c85b362da958dbb2fab9a314800bfd

SHA256
ceceeae019b8e52a477fdaaa5b257240f256da6d9128248cd75e2a02e89ff524

SHA512
a13672d1cafacd39a8f08fffa4136789d8c4a2b1fd3797b6cefcf1c88b71e8acb6e7887ee24a6f2556c651f638c80d9c628e4fb057ec855a22e697dd93b7304f

Download Submit