1f48274fb3fdae6eacd366c373739c667fe2ceb65aafe3cf85a13e893668dc9e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Size

68KB
MD5

3becfb51c807a8af0400d23efcded080
SHA1

8b76b2e16462cf5da95d585e44c9c141c438639f
SHA256

1f48274fb3fdae6eacd366c373739c667fe2ceb65aafe3cf85a13e893668dc9e
SHA512

5016fb7fb7b273613601f94f4c652d8834bcf581580b26d7491447388566756290029332a315030e1c4ca927e234902c8c596b02302d27843a293d07686ad86e
SSDEEP

1536:nGiXtfKk9Afn1MUlVwN7ZxYOB0TvdLWf37ag:nGi9fKk9Afn1MUlVwF/YOGde

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\TypeLib	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\ProgID	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\VERSION\ = "1.0"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0\FLAGS	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\TypeLib	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ProxyStubClsid32	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UFWait.clsMsg	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ = "_clsMsg"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ProxyStubClsid32	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\TypeLib\ = "{A755352F-C8DF-432D-934A-4E96ED223A61}"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\TypeLib	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\TypeLib\ = "{A755352F-C8DF-432D-934A-4E96ED223A61}"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\VERSION	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UFWait.clsMsg\Clsid	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0\0\win32	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\TypeLib\Version = "1.0"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\TypeLib\ = "{A755352F-C8DF-432D-934A-4E96ED223A61}"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ = "_clsMsg"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UFWait.clsMsg\ = "UFWait.clsMsg"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ = "clsMsg"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0\ = "µÈ´ýÌáÊ¾²¿¼þ"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0\0	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\Programmable	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0\FLAGS\ = "0"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0\HELPDIR	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{A755352F-C8DF-432D-934A-4E96ED223A61}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\TypeLib\Version = "1.0"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\ProgID\ = "UFWait.clsMsg"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\LocalServer32	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UFWait.clsMsg\Clsid\ = "{0483E81B-3739-43F8-9CD1-3300E84EB4ED}"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\ = "UFWait.clsMsg"	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806DEBB8-3F1F-46AC-B379-C2DC11B4C45C}\ProxyStubClsid	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0483E81B-3739-43F8-9CD1-3300E84EB4ED}\Implemented Categories	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2872	3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3becfb51c807a8af0400d23efcded080_NeikiAnalytics.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2872-3-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads