Analysis

  • max time kernel
    118s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 06:52

General

  • Target

    239284bf4df94e978f6e740f93a1ffc0_NeikiAnalytics.exe

  • Size

    164KB

  • MD5

    239284bf4df94e978f6e740f93a1ffc0

  • SHA1

    ec25e8600e5104ca87c4ad6741b720b0b5dc098e

  • SHA256

    6351ebd94f0102438e23cec325a6603c0d4caec3486014b16610eca86461a68c

  • SHA512

    05d60233ef926c9c8684deaa09afb4f655257bed44507cc213ed297b820016160008c7c5b895da7b734ecfa13cbff8120ab96a6f193de4dacb4d6c2f4cb7247b

  • SSDEEP

    3072:VKApWb9m6LgwsK9KRaxkV6XyPJN1Go0R0wjNH/qpXUF/djNXolrgx0:VqblytGV+mEy/dalMx

Score
1/10

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\239284bf4df94e978f6e740f93a1ffc0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\239284bf4df94e978f6e740f93a1ffc0_NeikiAnalytics.exe"
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=239284bf4df94e978f6e740f93a1ffc0_NeikiAnalytics.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2620

Downloads
