Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-05-2024 19:52

General

  • Target

    1411ec0e42c9e4d38a31a7f4aae94490_NeikiAnalytics.exe

  • Size

    29KB

  • MD5

    1411ec0e42c9e4d38a31a7f4aae94490

  • SHA1

    f7a2fd59988d89389f198f50bd52f0da7f81f014

  • SHA256

    04079f8509ceb8ec7a73d6234c1a52b732897b977c3e269e6be701017caab202

  • SHA512

    3ff56ee215e5cd8b333a8951324e47fe0f6463aca3e140362b67c298eb64d78b41037730d497488472ff224a305970f50ad7d531463cb3045860ff36a848fa27

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Z:AEwVs+0jNDY1qi/qB

Malware Config

Signatures

  • Detected Microsoft Outlook phishing page
  • Executes dropped EXE (1 IoC)
  • UPX packed file (28 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1411ec0e42c9e4d38a31a7f4aae94490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1411ec0e42c9e4d38a31a7f4aae94490_NeikiAnalytics.exe"
    Process 1
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID: 1076
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      Process 2 (child of process 1)
      • Executes dropped EXE
      • Adds Run key to start application
      PID: 1232

Network

MITRE ATT&CK Enterprise v15

Downloads
