Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 12:34

General

  • Target

    c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe

  • Size

    29KB

  • MD5

    c05bc468e44951935a58c1323d48a070

  • SHA1

    0b92f38bc6141065041406f90ecd23f6e960abad

  • SHA256

    f7c4aeaa815f44454061199f2d8318724e333d1f4a7047fb1caf919ceaa6aee0

  • SHA512

    b473269981f11f0f1fccee89938f931d069bb42c0618ed7f7e25e14b04b2d37a30f351b2c6decf81442b67259209498304d99a414c852d4d5f1b8ab395a389a1

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/3+:AEwVs+0jNDY1qi/qP+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 28 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies system certificate store 2 TTPs 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
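The "UPX packed file" signature above fires on two cheap tells: section names such as UPX0/UPX1 and the "UPX!" marker in the packer's header. Both are worth checking by hand before trusting a sandbox verdict, because a modified UPX build (which the signature text explicitly covers) can rename sections while still leaving the marker, and a stock build can be stripped of the marker while keeping the sections. The size figures on this page are consistent with that reading: the dropped C:\Windows\services.exe is 8KB on disk while its mapped image in PID 2828 spans 0x400000-0x408000 (32KB). The following Python is an added example, not code from the sandbox or from the sample; `build_fake_pe` constructs a synthetic header-only PE so the checker runs without a live sample, and `upx -d` will only unpack stock UPX, so a hit here does not guarantee a clean unpack.

```python
import struct
import sys

# Section names stock UPX writes into a packed PE. Modified UPX builds often rename
# them, which is why the report's signature says "UPX/modified UPX" and why the
# byte marker below is checked as well.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MARKER = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Parse the section table of a PE image held in memory and return its names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts after "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        entry = data[table + i * 40: table + i * 40 + 8]
        if len(entry) < 8:
            raise ValueError("truncated section table")
        names.append(entry.rstrip(b"\0").decode("latin-1"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the two cheap UPX tells: section names and the 'UPX!' header marker."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": [n for n in names if n in UPX_SECTION_NAMES],
        "upx_marker": UPX_MARKER in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or bool(ind["upx_marker"])


def build_fake_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed stand-in for a PE file: valid headers for the parser above, no code.

    Not a real executable; it exists only so this example runs without a sample.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew: PE header right after DOS header
    opt_size = 0xE0                               # PE32 optional header size; contents unused here
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_size + table + trailer


if __name__ == "__main__":
    # Usage: python upx_check.py <file.exe>; with no argument it checks the synthetic PE.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_pe(["UPX0", "UPX1", ".rsrc"], b"UPX!")
    print(upx_indicators(blob), "-> packed" if looks_upx_packed(blob) else "-> not UPX")
```

Run it against the dropped services.exe and the original 29KB sample separately: the signature count ("28 IoCs") aggregates hits across both files and the memory dumps, so a per-file check tells you which one actually carries the packer.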

Processes

  • C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2828
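The process tree is the most actionable part of this report: the sample (PID 2764) writes C:\Windows\services.exe and starts it (PID 2828), and both processes add a Run key. The legitimate services.exe lives in C:\Windows\System32, so a binary of that name in C:\Windows is a masquerade regardless of its hash, and a Run-key write by such a process is the persistence the signatures flag. The following Python is an added detection example, not code from the sandbox; the Sysmon-shaped events (IDs 1 and 13), the SID, the parent PIDs and the Run value name "services" are all constructed to mirror the tree above, and the allow-list of system binary directories is an assumption to be replaced with one built from your own golden image.

```python
import ntpath

# Directories where each system binary legitimately lives. Assumption for this
# example: extend from your own golden image rather than trusting this short list.
SYSTEM_BINARIES = {
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Matches both HKLM and HKCU autostart keys (trailing backslash keeps "Run" from
# also matching unrelated keys whose name merely starts with "Run").
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


def is_masquerade(image: str) -> bool:
    """True when a well-known system binary name runs from a directory it never lives in."""
    directory, name = ntpath.split(image)
    allowed = SYSTEM_BINARIES.get(name.lower())
    return allowed is not None and directory.lower() not in allowed


def is_run_key(target: str) -> bool:
    t = target.lower()
    return any(m in t for m in RUN_KEY_MARKERS)


def triage(events):
    """Walk Sysmon-shaped events (ID 1 ProcessCreate, ID 13 RegistryValueSet) and
    return (kind, pid, detail) findings. A Run-key write by a PID that is itself a
    masquerade is escalated to a separate 'persistent_masquerade' finding."""
    findings, masquerading = [], set()
    for ev in events:
        if ev["EventID"] == 1 and is_masquerade(ev["Image"]):
            findings.append(("masquerade", ev["ProcessId"], ev["Image"]))
            masquerading.add(ev["ProcessId"])
        elif ev["EventID"] == 13 and is_run_key(ev["TargetObject"]):
            findings.append(("run_key", ev["ProcessId"], f'{ev["TargetObject"]} = {ev["Details"]}'))
    for kind, pid, detail in list(findings):
        if kind == "run_key" and pid in masquerading:
            findings.append(("persistent_masquerade", pid, detail))
    return findings


# Constructed events mirroring the process tree in the report. The SID, parent PIDs
# and the Run value name are invented; the images and PIDs 2764/2828 come from the page.
_RUN = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 2764, "ParentProcessId": 1524,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe"},
    {"EventID": 13, "ProcessId": 2764, "TargetObject": _RUN + r"\services",
     "Details": r"C:\Windows\services.exe"},
    {"EventID": 1, "ProcessId": 2828, "ParentProcessId": 2764, "Image": r"C:\Windows\services.exe"},
    {"EventID": 13, "ProcessId": 2828, "TargetObject": _RUN + r"\services",
     "Details": r"C:\Windows\services.exe"},
    # The real services.exe, included so the rule is seen not to fire on it.
    {"EventID": 1, "ProcessId": 500, "ParentProcessId": 412, "Image": r"C:\Windows\System32\services.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding)
```

Note the limits: the name check catches this sample because it chose a system binary name, not because it is dropped into C:\Windows; a dropper using a random name passes `is_masquerade` and is only caught by the Run-key rule, which is why the two are kept as independent findings rather than one combined condition.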

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2332b23c6772f867c1adf1541da28027

    SHA1

    b5744dac5abffdc94f835221aaa85a6e3f264556

    SHA256

    12e7805ee9072dc411026d781eae4b8c3f714c458508e3233f6e3e5573ddbc2b

    SHA512

    0ff5fe8cdc99ef979cb00f4ed5dabe21988025ae0e6bfd73ee56d4e07179029b6dfbf19fed8b319c57e6c2cc23e1ee79dd021a7e9a7608e2b73f48597722007f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8f594ce2e064657b695e7a1d806df123

    SHA1

    2a52c820569f2684dc7986eb030435d5fad84982

    SHA256

    c2e56c0de6ff643c68b0517486d7402642b7a523e931067c0875ea9e0eb1b7eb

    SHA512

    6a93073de8f9e3bd9f00477cabb7f669dfa7c9f3c43983c3858a4f1cfa8a84fb1ff08ec15801469dc0f347c00ea43f1859165c777f25f79f9da27a921ebc40cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d7a11a619b98160efb03341eefa0af30

    SHA1

    fb9cec43a230da64458332be28ede0c024eccde5

    SHA256

    41ea3e1784c7a9deb87ef920b266d85b46c45c0502dc57356cf57f5cfee6448a

    SHA512

    465975929409edff0f79ff0001623784a1544d9f633d344d00ddada7e50f2cf43b69feac372807f0cc71d291fc4adec0641d88957bd45faee269ea5783768f54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    404a9ccaf7a3c34594a8e92d8c6b89f1

    SHA1

    ba67cb40d7abc6cc0007634b4bd1dd6a4f716d1c

    SHA256

    79c2c7969dccbb5ce6a77b4a968d96f5759a0dd916792cd4783f0155af2fd2dd

    SHA512

    61fbfbe717dda24dc509d1240184036a683f83b0eb894ed5e13ef4228403ea437b3de747c12d785234e8d8e86db4fb1a9bbb6fa24e46d6669436084ede20b377

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0013a9e7336ff93d71e01f488e9b1c61

    SHA1

    51aa881b9d504a946c45f7008a5ed906a598ed14

    SHA256

    c68f56ce68d9336ba8dc297d98f56b7fdc4bf0992eaa9e8d13fe906a4bbe9cd3

    SHA512

    e96b700e2b1251c952156edf858a1495bcfeef22d9b28ef8671d56d14f9ae026fb6e2a20879a1300cc9a5246e36293029744692a07168c96d633a338f80391de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fb2e36d579c5d618b45a98f91677ba3a

    SHA1

    cbc96e5270d3963b52363cfcb62aadbbc9910adc

    SHA256

    8a8ca41fb1dd3110ea358e937c63a753084ad033aa37530145a19e270afa7e64

    SHA512

    6b398730a9c9588a3c28a1bf3dca28ca6c8d9e6d4b0fdbaaaeb20dafe52905a541237806cd05441e21573f5dd5f012c6496dd27f89ee85847008c5af9941fe50

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eaa48e84ed0c82518673008f12d79b59

    SHA1

    15f123e3b774543bcfd4d99d187439c81178bc4e

    SHA256

    abac8ab0a581dac7955e6188149b2fa622f0d11d46f21cd131b1a7a49a75d9a8

    SHA512

    1d9500816d8029487bf058298f4f294d651089a150eee6e48d02f3c7aa5b6da4b90f6e354f3500f12a412bdb5f88e89b72bd92decddf537272d223949f4a066b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    41c3d15c6012bab9d739b939a896b4bc

    SHA1

    c797e48cef37f5301723ed1921d60658f2cccf42

    SHA256

    d4efb9dda377f47a0b881c12a5790993b86c079ec1b3a7f8f84ba2f9c2ae5908

    SHA512

    761609318fcbb4301b8d4faefd6fe25dbc5e0dfcd346d41860da479419ea4504e6428de3153d983c7ce8928d3efedef05a2a03cd7242854d3e96558975022265

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7637d2553182f9aa6e2b76d107c510a2

    SHA1

    66ca6bdf5b7e92fbb5e48f632fbc8de712ef7d64

    SHA256

    4a0fc1deb927d9785cab2cab288d727f326397ea0b1aa2976ff6029f6fdd89df

    SHA512

    ceae2069fc10ded07d51925f53242df4e9d2ca4c181bf0a96269b2b20918a7f6363ce705cb73e48e20b69709b6b434f52860afb7a66569399f5e1fc045a443cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fb4f46afc3239ad5a5b1df3d01b0c1b5

    SHA1

    8700feb51d599dabac1b98b4fd509473faec4207

    SHA256

    19253e2d594de65ac8db94a0e39c261e3bdf767c5ad5b243e116274caa86f61c

    SHA512

    ef3a1f497f1f69cb1624577414fa9b23e46e9d37a92616490fbbccab58f643f5c1637c6fcfe7ca577b9ce2313888e1d66e5e45062733453d3af5f0757666ab3f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f68389605b50684a8781c79773130b26

    SHA1

    112ad96b9ec6a8ea39cf746f6c59d65da34f3ba9

    SHA256

    cae5f1e0ab071a5c95f1d2a15f4f0778a32a01acea41c427e985629658530a8c

    SHA512

    d3684dd21db2d8a65f561ece3f1bf61df9895bb98a3f5072160fe3b4f544d38b6923733c4cd445321ca0672312ab832b6dd47060ba1e60aa1fb52d216f3975de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e850be269e2522c1420704b14973aa4e

    SHA1

    2a32295c338528916b0f7b313af06472e6b3be38

    SHA256

    db8884372bfa2fc4949515642d7b4bd2b09d6502e0b31b9cc9b7281ef30f9ad8

    SHA512

    0faee747a9c23b1c48bdc623b19b040f7fd9fabc64d7735389645e83fa25ff117816c8bece68729d037f19cdf5a4f27e5d3b427f88244adfd72ede836322604c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5f5decc127cf52a74b9294bb1bd0156e

    SHA1

    f750c477d6fce8e1ffa70fd7203a23f2c8cd9d37

    SHA256

    672c03ac313ae6e245c67fc40303220f1d8c9b8af637824991cf438f9df051bf

    SHA512

    ffd1da6d535103a4ed5140ab9315cc11794b0537c577b57ede10ff83726eec74e0f7d10cc4df00e472f034bec0aea6515238d99a6c050f118e1d30db467a94a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2223d574fad36442d5b8b3ab9fed8495

    SHA1

    2e7d0ee89718bab04258c8d2f75561fd57be031a

    SHA256

    9298ac59c45b5338107ce3a83a90977f09035913bd9d6a1f87ead7983c5226c6

    SHA512

    e0d3bb1f7c11ebbeb9cb2ec9d573a324dddffe5652faa36e3eed0fac6305d7e91d395206d61c150b8cf91b703bbf19aa7bde5f53ac6c8fc7569233f9919168f6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\results[4].htm

    Filesize

    1KB

    MD5

    ee4aed56584bf64c08683064e422b722

    SHA1

    45e5ba33f57c6848e84b66e7e856a6b60af6c4a8

    SHA256

    a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61

    SHA512

    058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\search7VF8PJB8.htm

    Filesize

    115KB

    MD5

    46e2ec0f358f4510f0be44100b35d7b9

    SHA1

    781fbeaf0aa89644c934d1f0549f09d1cdfb9771

    SHA256

    691fbc565e0fff4c722efdf81cbf86f520395eb1059a0e15fcedf14cc7eef48c

    SHA512

    65ed11ef4d6ddbec0aeb3eebeb328d678b7da2a3eb3b9b8ccca02a2da20d477ea817ecba8d93c913a941e7fbebf37b302a15a13a6e24987f9b03b41a69fe2ca8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\search37M94RQ7.htm

    Filesize

    132KB

    MD5

    b6859235778a0f7dce0243a22a03b740

    SHA1

    b7fc906578aa8f563e0e3061b04cfd6e7339bcdc

    SHA256

    baf6890641fbecb842aea65a6bffd29e4d6516bb9ef8e141d425c65653154282

    SHA512

    1a310f0c8e515c486561fb3411e6e2fc43347b28b7f7b5f93667d992ab19b6a8f06a992b4cf41872b876b120d343802e2823554ec83faec25e938bb19c0f9875

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\search[10].htm

    Filesize

    166KB

    MD5

    d32a4f634070110aa710f16f3100e4a6

    SHA1

    d24a75db50ecba642637df664d355cbba8c431f6

    SHA256

    92ba375e4f160954399353953443c7da38e070cde65f0f55dcc13b0c58c137b3

    SHA512

    78322d1faa7d7c30849b5c230ac6368871acaed7d3ebd4e2e85fc64948346d1422cf789765c799bd789a6927a67b72d02939d16191fae3e3bfff4b7ff2705dfb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\search[3].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\ENE2EEUC.htm

    Filesize

    176KB

    MD5

    93b84876b608cf23c5b485f9e479e418

    SHA1

    0564bc556a45cc9152f2f6936962fa4a3ad67eb3

    SHA256

    c3317cabf32fe4d4a8a56a3b284cb84f549953fe81d747ae50ba22b39c6c31b7

    SHA512

    b4a7855585146d32429c51bc103dbcaa36dbfad04ecde8133ad50b626ce3d661097913eff5af4cfae4b77f7bf1a1ced6b200805f90714be6c2c40d4a39d93bfc

  • C:\Users\Admin\AppData\Local\Temp\CabDC0.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarE63.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Local\Temp\tmp1355.tmp

    Filesize

    29KB

    MD5

    0072bc20c4c883b5821cb74214c00a35

    SHA1

    4569122262fbf8a3a22f9438edeb3faef8ea9bf2

    SHA256

    1a16a915a45d4a77108d020eb72079cb5e3d023353d5cd811e8ce2339cd01e54

    SHA512

    1f897954dc081498bd0c6cb3ab7236973e04b532b5d80666462657bdcc799670b81558f36064b6952f88bb2bca41b1a132af6a76ebdc24f24ad6177a8876666b

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    0B

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    8defdf5d5d992466a6f54ad816cdb317

    SHA1

    df4e9190b973b50f0548e2c00c1336529ee1b845

    SHA256

    e91465ecb5031bb4245ddac247430c66d5ae770ea1fd139ca0b0d0d65d3b9897

    SHA512

    c542dcfb6e05463a3cf1188967085c6fd38abf07566ad881259b678c908462a9ba3ffc2d751c9e4b8e39e5964da2d21fc29c6744016d3ca1efb1b26ded0a7af5

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    a63589f50c0ca9866ec6cf940c215816

    SHA1

    5b3000f44060b32867f30e8e243d4fe8fa6a08e6

    SHA256

    a327369cddfdc002012255e3d957cee67a75fc23db54122fa95887ff122e13ce

    SHA512

    c4b30a8540966238c5eecb200ff754cc4268430e7e6e56c67b2f8e471e903d6b2e9b975d2c5b53ae6bb66b5ee6a81c79cbbeb36605f1744ef3ac4cf55ed15e3d

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    e8d70b5b64354581b888729d36abeefe

    SHA1

    09d68fc9289bdf5d77f77e7a501b6ba42c0adc84

    SHA256

    2b42c87690cae7d30b8f9cfbb753f160f3a743498fd87e0cefd64220f34e8930

    SHA512

    5d5aa12a41fd06e4537c92f8c24adc7407da99c3a7106e83133717bc26ea40735ba994d72b50a906b51cd52f91e99ed6da8d3f08db8e5a6c8418e0105b0051c5

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/2764-774-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-58-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-81-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-1662-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-76-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-9-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

  • memory/2764-71-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-10-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

  • memory/2764-17-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-64-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-24-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

  • memory/2764-60-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-25-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

  • memory/2764-2-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2764-36-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2828-65-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-23-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-59-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-32-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-30-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-775-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-61-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-37-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-82-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-72-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-11-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-77-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2828-1663-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB
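Before pasting the hash list above into a blocklist, two caveats apply. First, the many CryptnetUrlCache entries are Windows's own cache of CRL and certificate-chain material fetched during certificate validation (the side effect behind the "Modifies system certificate store" signature), not payloads, and the Temporary Internet Files entries are cached HTML; only the sample itself and C:\Windows\services.exe are worth blocking by hash. Second, the first zincite.log entry carries the digests of empty input (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c442...), so a naive sweep would flag every zero-byte file on the host. The following Python is an added example, not code from the sandbox: it verifies the four digests the report lists, sweeps content against the SHA-256 values copied from this page, and skips the empty-input digest by default. The sample inputs are constructed.

```python
import hashlib
import os

# SHA-256 values copied from the report, mapped to the path the sandbox recorded.
REPORT_SHA256 = {
    "f7c4aeaa815f44454061199f2d8318724e333d1f4a7047fb1caf919ceaa6aee0":
        "c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe",
    "bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c":
        r"C:\Windows\services.exe",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":
        r"C:\Users\Admin\AppData\Local\Temp\zincite.log",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")   # the four the report lists (ssdeep needs a third-party lib)
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()      # digest of zero bytes; matches every empty file


def digests(data: bytes) -> dict:
    """All four report digests for an in-memory blob, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Streaming SHA-256 so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def match_hash(sha256_hex: str, iocs=REPORT_SHA256, ignore_empty=True):
    """Return the report path behind this digest, or None.

    With ignore_empty on (the default) the empty-input digest is never reported,
    because it says nothing about the file beyond its size being zero.
    """
    if ignore_empty and sha256_hex == EMPTY_SHA256:
        return None
    return iocs.get(sha256_hex)


def match_ioc(data: bytes, iocs=REPORT_SHA256, ignore_empty=True):
    return match_hash(hashlib.sha256(data).hexdigest(), iocs, ignore_empty)


def sweep(items, iocs=REPORT_SHA256, ignore_empty=True):
    """items: iterable of (name, sha256_hex). Returns [(name, matched_report_path)]."""
    hits = []
    for name, sha256_hex in items:
        m = match_hash(sha256_hex, iocs, ignore_empty)
        if m is not None:
            hits.append((name, m))
    return hits


def sweep_directory(root: str, iocs=REPORT_SHA256, ignore_empty=True):
    """Hash every readable file under root and match it against the IoC set."""
    def walk():
        for dirpath, _, files in os.walk(root):
            for f in files:
                p = os.path.join(dirpath, f)
                try:
                    yield p, sha256_file(p)
                except OSError:
                    continue       # unreadable or vanished file; skip rather than abort the sweep
    return sweep(walk(), iocs, ignore_empty)


# Constructed inputs: a zero-byte log (hits the empty digest) and a text file that matches nothing.
SAMPLE_ITEMS = [
    (r"C:\Users\Admin\AppData\Local\Temp\zincite.log", hashlib.sha256(b"").hexdigest()),
    (r"C:\Users\Admin\notes.txt", hashlib.sha256(b"not malware\n").hexdigest()),
]

if __name__ == "__main__":
    print("default sweep:", sweep(SAMPLE_ITEMS))
    print("with empty digest:", sweep(SAMPLE_ITEMS, ignore_empty=False))
```

`sweep_directory` is the form you would run on a suspect host; `sweep` over precomputed digests is the form that fits an EDR export, where the hashes are already in the telemetry.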