Analysis

  • max time kernel: 148s
  • max time network: 153s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 27/05/2024, 19:06

General

  • Target: 0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe
  • Size: 2.1MB
  • MD5: 0f0cbb820e78029d86b8646df081f840
  • SHA1: deed7be3d6216dfb55e76cbed70755ac07ecbe32
  • SHA256: d1ff936ea7f9fb510c9fb5cbde514b1290f956c0913b604367c6a92427f2e137
  • SHA512: 22e5447c135789172127129911c7fd3b305955d679bb22dca70cfca26b4811aa6afde9c00b15120254094f404fe12b32db4d93baf21675e67e3d2eb22052d18b
  • SSDEEP: 49152:+8Y/4O8b8ITDnlaTeEXGF+6z8zmqtqCK3RTeyay+hviOZ8afQf2PynO:L2rw+6zEmqtqCKkT6OWO

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory (3 IoCs)
  • Drops file in Program Files directory (29 IoCs)
  • Drops file in Windows directory (64 IoCs)
  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe"
    PID: 2512
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses

Network

Downloads

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\RCX5DB7.tmp
    Filesize: 2.1MB
    MD5: 2fd547c9cf2d40d018a85862b03787d7
    SHA1: 272cd00736c86b6f67384550351d0ac492d5c639
    SHA256: eab3ed71528310a1e782f3a84ba60e3432f4228dbe7469061fe7fc0377749927
    SHA512: fb884300e29cf916ed1e24ed3287db46c51b4c4a5414fa5753bb6cbac85da960b92430678cfb5cb28d44528b96738b6a8874d726f97814c8d0b7808d8047c362

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccmebasenonfipsInternet3.9.0.42221.exe
    Filesize: 2.1MB
    MD5: a639e151f96f002a1dd9133e69a4faf7
    SHA1: 91c3e84b73ab0abbbd36413aecbe2d1e7f9a458f
    SHA256: 1881a538b211070882dbc44ffc26d1079a98c4278b73c5fdc9345abeb40acf45
    SHA512: a2006c7ed90cf508b5208a018f0c0cafed5fcf1e09d178a19e81bf506c16ba9405b195db92438a2d72a61d8c69eb87a5306fc130d6205ce083b9ff748a60ff44

  • C:\Program Files (x86)\Common Files\Microsoft Shared\ink\RCX545F.tmp
    Filesize: 2.1MB
    MD5: be6fd460bfe6390297fbe18b10d04f07
    SHA1: 65121c2455d58fe5c2cbd9a5ac0a5d9a2d4fcead
    SHA256: 4fc0118412b20d922db9c2fe0581f54632f380e16c1a2c47f4d462088e696d90
    SHA512: 3204dee88bd117e736e9d15227aa4a396bf62e1dc0509818b200fd2e1a50c5bbc9a4757076e7af4d3805dc559c1867952220757203e6a1d0488be04fd37e85dc

  • C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\WindowsSystem10.0.19041.1.160101.0800.exe (same MD5/SHA1/SHA256/SHA512 as the submitted sample)
    Filesize: 2.1MB
    MD5: 0f0cbb820e78029d86b8646df081f840
    SHA1: deed7be3d6216dfb55e76cbed70755ac07ecbe32
    SHA256: d1ff936ea7f9fb510c9fb5cbde514b1290f956c0913b604367c6a92427f2e137
    SHA512: 22e5447c135789172127129911c7fd3b305955d679bb22dca70cfca26b4811aa6afde9c00b15120254094f404fe12b32db4d93baf21675e67e3d2eb22052d18b