Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-05-2024 21:08

General

  • Target

    1ab97871b6f75b818e2183f709f07eb0_NeikiAnalytics.exe

  • Size

    29KB

  • MD5

    1ab97871b6f75b818e2183f709f07eb0

  • SHA1

    e3bbdb2305b8325285f3d2e78597c2bb0ea0d8c8

  • SHA256

    c9bf52af3fb4ba917736acf22b1e4b1db3acc94256251e186b2fb18c0513d8e8

  • SHA512

    bc8e18dce6e21dfe55a70883a8292de0939173bb648d6e8de1c8fbee1a0c395022fd310cdc7a73e1cab0747a9f594a1e39ed078757df0c8ff84db4d6228f62f6

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/kr:AEwVs+0jNDY1qi/qsr

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Executes dropped EXE 1 IoCs
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ab97871b6f75b818e2183f709f07eb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ab97871b6f75b818e2183f709f07eb0_NeikiAnalytics.exe"
    depth 1
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      depth 2
      • Executes dropped EXE
      • Adds Run key to start application
      PID:704

  Note on the child process: the legitimate Service Control Manager binary is C:\Windows\System32\services.exe. The file launched here sits in the Windows root and is the 8KB executable the sample dropped (see Downloads), so it borrows the system name but is the sample's own payload. Both processes set a Run key; the report records the behaviour but does not show the value name or data.

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DD719OCW\searchH29306V6.htm

    Filesize

    153KB

    MD5

    768fcb693228e62109855dfdd84699d2

    SHA1

    6cedc96f263693b3914c36eaf0c20350be3a066a

    SHA256

    64016bc6788a34ec682c20c01404b5636d9d9322bde98c53f0d16c530312c786

    SHA512

    751f1565e3ad9b4921c4497d1b92c549217743102fb386f03526fe4e71cfc2be431ed57c5039174bafdd06ac800c7bd9f84130bf94f766cb89f8cccb3791ee61

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DD719OCW\searchKGOCWE8L.htm

    Filesize

    140KB

    MD5

    0c89478a3611ee80bf70e386206e4948

    SHA1

    57fc670bb9ad968256ab7d18df01ef9c3f9c625e

    SHA256

    40bda0c6933ca4d579bf72a834fd09dd0984c41d4e71882a7190bc1da0ece8ae

    SHA512

    6e2642cd2db52be500798b4d60242d9b1ebac4660d65da605a41504a21b7b4b10725ecbf6e3b2a7b2c622b5cfa8bec55946adb444dcfd543f0294d89abc8bdff

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DD719OCW\searchODPOWSEJ.htm

    Filesize

    131KB

    MD5

    8c62aa854d23a3c3a4a3f8e95bb01c64

    SHA1

    55955ee7793b5ce15f948a7f28591b89e0cb8524

    SHA256

    04f9b2d2d4fb7bed4bc8c7b2dc4cebb3d165eea7b8f420276a825049c6d29311

    SHA512

    21144be1ebfd9eda79294ba3c5af446a93751062baef564a3ac34fb98fc2944fa9eccb6bf714595871cc67ae974ab697ff8f65a43990c0ba6674d4ae18eda5ea

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DD719OCW\search[2].htm

    Filesize

    114KB

    MD5

    24d88c5a2319893e7c675e12d3296dbc

    SHA1

    35a41004b8df272e268a9b3e92bc52ed0f380ee8

    SHA256

    6e7d65403e92c94bf82ae637e4b975052e1c289d607c6bb0f1c38da6e6869241

    SHA512

    7457752c67c55bcef6881583bc38dc75f7e6f352df4b525a635e1e91dae382e0e44a627ea25823d8af1d3f3d42580d8d919974791ef2f2d7d57dc4e2dd60c98d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DD719OCW\search[7].htm

    Filesize

    119KB

    MD5

    2091096471668fc3503ff67ef83c093e

    SHA1

    f034d8090b4deb158c3339ddaba9352b140fccda

    SHA256

    2b8d7fce7847ea09cdb9763c5a5493f1e1d13dd2d3cde9a437585063688a9928

    SHA512

    466eb4db7be236722a121390c71f019249818e30f3d45309f17fc89c14333076ae7b567abeb65910e7226cdb9d1d24edfdd0a628c7c3bd8af712d40128cf3713

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\default[3].htm

    Filesize

    312B

    MD5

    c15952329e9cd008b41f979b6c76b9a2

    SHA1

    53c58cc742b5a0273df8d01ba2779a979c1ff967

    SHA256

    5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

    SHA512

    6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\searchLS7MBYJC.htm

    Filesize

    96KB

    MD5

    157a2fd9bc84fe95366a380eab809ad2

    SHA1

    002b187abe9d1b175c952fbe855f0478c3c55c0e

    SHA256

    787be3998d31adb3a06a51363e986132373ac40474c09e6babed127e32a5d0bd

    SHA512

    3891786a9750378b4e89f634c57a80f6c4e2dd0cfa1eb162c65b815ab8088d423d1a1d5743a96e134bbeae443f9dfd544294ab3e39d793334e3e74ce5aca489e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\searchS8NY6DP6.htm

    Filesize

    132KB

    MD5

    ba56d8921110e22394d1b985a52d13d5

    SHA1

    742b8b95b797eca9925ec1fa0e3a1e6f6721a7b2

    SHA256

    d7bf91b37a4f90f12db62cc2accfbd844ff7c31e491fbeac14c98b9cd14ba4d6

    SHA512

    e8c5d28d3d89301a8ff6055442a495bf9c84b21203a61e4afc81dd5a3ae2ddf616b8a688df26ba9eb1ea270ee81197fc50ddde104c030e6f874f93f49ba7b176

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\searchU70IIGIA.htm

    Filesize

    108KB

    MD5

    2282c013be77d90d5fa8a38beabc652c

    SHA1

    25b0a7047008795551353e6ff252ee18cf2835f6

    SHA256

    34e3914bfda6fd94851fb8bb4a41304e517b5aceebee06dc3b3a728accb9d9aa

    SHA512

    8e0a2cb503bce9c7397a10c90bea59a516f5d6368bae6bc7c19e2116005e269af56af2783064e27b62a05316e39d25abe04575664cec4fafee386a080803e58d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\search[2].htm

    Filesize

    102KB

    MD5

    e41b589ffd20e2462f9fab5ce1ddcbad

    SHA1

    7205418f510bc06abefb812fbca628c5e8947bee

    SHA256

    3ba445e84d5607ceef54fc0b6d2915bfa51179887be2e0eaa0bdc5bfdc64cee6

    SHA512

    13748dbeb2bad6e899e3a30e0820e255fd337c97f5b47888dfc7be16d7553859c8541356dae961dd4e5729bac79463407f634a168d1edeb0790d3d43a0c5e158

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\searchR24ANQXI.htm

    Filesize

    114KB

    MD5

    a7690fbdb833b82f123edd11a4c8b2d0

    SHA1

    4afbff7260210198cdc98eb099a81a7608891150

    SHA256

    5c9d5afdb286d3484a8546bb728de640f1027e236121a2921e300e914c811d05

    SHA512

    c67cac07c571203cfe3ba24e04f4d26f6680d1027f90896f27d0a18fa6837856d775b4ffa0eb82fe48d6d8d5f9dc95481bf17b6cf46b40c8593602d2e9df574b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\search[8].htm

    Filesize

    141KB

    MD5

    a8984900010ec47aa9fd70b4602943dd

    SHA1

    77b851b0dfa02b76a1dd94f4068530226be93d7c

    SHA256

    e8cb6aa1aa105cec4f2e42a4cba9bf24f57adf75f23f163dfbc22735c6ccdd32

    SHA512

    d787fdda5fca061dc4256bfae9de7dc9b1175cf3c3757d9b7946b04fc468509e53aa764123373310b6440ba2c5a9db75c1117186445028700237ca1318343778

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\QDA6DPJ3.htm

    Filesize

    175KB

    MD5

    fcf61c1358bd8ed3c4003724bc41e419

    SHA1

    1745703d1cbfd7beaa0e5c4ed6437372d2d2f594

    SHA256

    4c7259e8c2b72c47da5bb84696594dde7c6a1a5b1719a5c88c4681d4092a30d4

    SHA512

    f86cf8199b67c23e697421ba96ffa7ee932979258d0a2299558e2499fc67c2385b9492c0ad88bc4bc7e469c494cea6c3cdff82794c1ab770bcddfe54fd987ff2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\results[7].htm

    Filesize

    1KB

    MD5

    211da0345fa466aa8dbde830c83c19f8

    SHA1

    779ece4d54a099274b2814a9780000ba49af1b81

    SHA256

    aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5

    SHA512

    37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\results[8].htm

    Filesize

    1KB

    MD5

    ee4aed56584bf64c08683064e422b722

    SHA1

    45e5ba33f57c6848e84b66e7e856a6b60af6c4a8

    SHA256

    a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61

    SHA512

    058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\search2SLZJHKY.htm

    Filesize

    112KB

    MD5

    a8f8b3d8f89affeb393fa9fc15c267b9

    SHA1

    e179c7f4480bd1736fa23b4e2573e4c2ab90c159

    SHA256

    d361b0835a12f774af18aa6e1c9990e1e96cbc82c832ff1b4f0118651999c2b1

    SHA512

    c855b73fe132c18ddf9601d2a3d3a09e1ec01e3d0314caa7e31d448f50a7576cd03e8adccb120bedf11df0173273dd7651363dd798efdbc41123973ed1efe5eb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\search[2].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\search[8].htm

    Filesize

    133KB

    MD5

    c26b9ba18c9571ebfc7154fb343b67c9

    SHA1

    78a5bd2da4acf97d0b852ef88d0f530e44dddde9

    SHA256

    1b43a50d4d8090f2c5a50b725c1a7ee0c4d4a72dcac37b0cf2077404c3a65d4c

    SHA512

    14153bf81d8b8fd6a29a1ac9c35218214707e23658db7092dfd9d8b5dc5d54a57a9ba8e9be8bf9afd2726c199820e7ce0994ead7249ef4219e1d65a0ec9ff929

  • C:\Users\Admin\AppData\Local\Temp\tmp7FCC.tmp

    Filesize

    29KB

    MD5

    f0c8358106bb250a28bd7b972409f0d1

    SHA1

    784eb8a63dc996f08c5181c59e1caf9762868d70

    SHA256

    e493a28656f5829bb4d984ba917eccca56f8d351c7b912cf33f2ca07facdad7e

    SHA512

    ad1edfd83d2416442b1d8ad8a11ca5cc43d2978c1c5320b077bc1eb2f8663747c93c07973b4dd4fea89492f18815e3d007217e37257e2eb48d8a91015e360ed2

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    040c39c1630879b6bc3f2044b3f483c2

    SHA1

    4d34a1a11c3b54e272872bb21e3324a833f9d3ad

    SHA256

    2282675553d2c5ea652328f98e71b19c287c98a68a0738a53d955fc5f269e267

    SHA512

    58379ca0a00b39a14f5ad9d59bbf269c38de2058c07cc38c113bf0fc8e3e92c5ce3f6cdca69eff94d7fe0332576980ee000fa9b810329a42bb0507aa1a57997e

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    8378e217d24d905078d6f0fdbf78a48b

    SHA1

    0f578d5b99ff8cdff91573ed4d9c2b937ed09bf6

    SHA256

    207f315acaa0df47e455494d8f1a4a54e829f06b82e4fb20f64b0ccaa76111d7

    SHA512

    5b33402ea52726f5df39f2383c97021a5d6b738851104aa99a529b683f6c32160692d84c647c4b6b36b2243417d48b750a230af885b83008766661ec6469863a

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    0f1728dbd50800956a7ffb390e94cea0

    SHA1

    a3aefc51726b74110ae49dff3359ed67ab34f3f8

    SHA256

    c182f2ef6fd18d5195d6930328a5e92f2fd5b9439d7f7a48831f718475aeca7e

    SHA512

    6065251387fe75f279f48d245d2527149d65d97f7990fd62f2d5d2473cb4827d42bcfbb880b05079790dbdbbed3c871b94f35a73408a8d30289f6d5770d91b97

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    0B (the digests below are those of empty input, i.e. the file was empty when this snapshot was taken)

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/704-264-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-6-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-273-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-14-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-262-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-103-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-38-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-268-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-415-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-541-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/704-36-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4212-414-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4212-540-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4212-37-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4212-102-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4212-261-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4212-263-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4212-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4212-13-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4212-272-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB
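
Turning the Downloads listing above into a file-hash indicator set, as an added example that is not part of the sandbox report. REPORT_EXCERPT is an abridged copy of entries from the listing; the filtering rules (drop memory-dump rows that carry only a size, drop the zero-length zincite.log snapshot whose digests match every empty file, drop INetCache pages whose content depends on what the remote site served during this run) are this example's judgement, not the sandbox's.

```python
"""Turn this report's 'Downloads' listing into a usable file-hash IOC set.

Added example, not part of the sandbox report. It parses the plain-text
layout used on this page (a bullet with the path, then Filesize / MD5 / SHA1
/ SHA256 / SHA512 label lines each followed by a value line), discards the
entries that make poor indicators, and matches file contents against the
rest. REPORT_EXCERPT is an abridged copy of the listing; the filtering rules
are this example's judgement.
"""
import hashlib
from dataclasses import dataclass, field

# Digests of zero-length input. An IOC equal to one of these matches every
# empty file on every host, so it carries no signal.
EMPTY_DIGESTS = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

LABELS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1",
          "SHA256": "sha256", "SHA512": "sha512"}

# Abridged copy of entries from the report's Downloads listing.
REPORT_EXCERPT = r"""
  • C:\Windows\services.exe
    Filesize
    8KB
    MD5
    b0fe74719b1b647e2056641931907f4a
    SHA1
    e858c206d2d1542a79936cb00d85da853bfc95e2
    SHA256
    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize
    352B
    MD5
    040c39c1630879b6bc3f2044b3f483c2
    SHA256
    2282675553d2c5ea652328f98e71b19c287c98a68a0738a53d955fc5f269e267
  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    MD5
    d41d8cd98f00b204e9800998ecf8427e
    SHA1
    da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\default[3].htm
    Filesize
    312B
    SHA256
    5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
  • memory/704-6-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize
    32KB
"""


@dataclass
class DroppedFile:
    path: str
    size: str = ""
    hashes: dict = field(default_factory=dict)


def parse_downloads(text: str):
    """Parse the report's listing into DroppedFile records, in page order."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):          # a new path line starts a record
            entries.append(DroppedFile(path=line[1:].strip()))
            pending = None
        elif line in LABELS:              # label line: the next line is its value
            pending = LABELS[line]
        elif pending and entries:
            if pending == "size":
                entries[-1].size = line
            else:
                entries[-1].hashes[pending] = line.lower()
            pending = None
    return entries


def usable_iocs(entries):
    """Drop entries that would match unrelated files or never recur on a victim."""
    keep = []
    for e in entries:
        if not e.hashes:
            continue  # memory-dump rows list only a size
        if any(e.hashes.get(k) == v for k, v in EMPTY_DIGESTS.items()):
            continue  # zero-length file: matches anything empty
        if "\\inetcache\\" in e.path.lower():
            continue  # cached web pages; content depends on what the site served
        keep.append(e)
    return keep


def match_bytes(data: bytes, entries):
    """Return the paths whose recorded SHA256 equals the digest of data."""
    digest = hashlib.sha256(data).hexdigest()
    return [e.path for e in entries if e.hashes.get("sha256") == digest]


if __name__ == "__main__":
    parsed = parse_downloads(REPORT_EXCERPT)
    print("raw entries:", len(parsed), "usable:", [e.path for e in usable_iocs(parsed)])
    print("empty file matches raw list:", match_bytes(b"", parsed))
```

Run against the unfiltered list, an empty file matches the zincite.log snapshot; after filtering it matches nothing, which is the behaviour a hash-based hunt needs.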