Analysis
-
max time kernel
156s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/05/2024, 02:49
General
-
Target
31c251ad1ebf3c9ee205f8b28b335b30_NeikiAnalytics.exe
-
Size
98KB
-
MD5
31c251ad1ebf3c9ee205f8b28b335b30
-
SHA1
6b0cc2ee0dba27226e916203e69b92116e7e174a
-
SHA256
99121c8c83275d1de3d651d9c7c407babda1cef3ce82f723d7a1a3f5411e3ba2
-
SHA512
0832b6a626eedec5f5c522e5e8108188824bc37a9aaa6a96db9db1c75624bb09bfb6864c480474e6ccee1f9cdc3697e08c2e62737c559f4db643e90a6f684445
-
SSDEEP
768:5vw981sthKQLrod4/wQDNrfrunMxVFA3b7glws:lEGN0odlounMxVS3Hgz
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\31c251ad1ebf3c9ee205f8b28b335b30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\31c251ad1ebf3c9ee205f8b28b335b30_NeikiAnalytics.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA13E2E6-F635-4aea-9343-7E1D09CD1940}.exeC:\Windows\{CA13E2E6-F635-4aea-9343-7E1D09CD1940}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C6976D53-918D-4c75-8042-5581854B090E}.exeC:\Windows\{C6976D53-918D-4c75-8042-5581854B090E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{97A55707-C6F2-4dd7-914F-E1E60A766CA1}.exeC:\Windows\{97A55707-C6F2-4dd7-914F-E1E60A766CA1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{41998565-9C9A-46a2-A871-3DB1C88C1E20}.exeC:\Windows\{41998565-9C9A-46a2-A871-3DB1C88C1E20}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EE4FCCB1-F339-4307-948C-3205428F033C}.exeC:\Windows\{EE4FCCB1-F339-4307-948C-3205428F033C}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1578E384-16AF-4012-B6F9-F6B64A725464}.exeC:\Windows\{1578E384-16AF-4012-B6F9-F6B64A725464}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E452F217-C283-4488-8BBD-BEC1CD004F4B}.exeC:\Windows\{E452F217-C283-4488-8BBD-BEC1CD004F4B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{13401A38-B22A-403d-89E1-C262E41F15DC}.exeC:\Windows\{13401A38-B22A-403d-89E1-C262E41F15DC}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D382DA45-EBDD-41ca-AB67-7A08F4E0A2E2}.exeC:\Windows\{D382DA45-EBDD-41ca-AB67-7A08F4E0A2E2}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0648EDB1-984E-4660-AF86-8C421E9BB4AE}.exeC:\Windows\{0648EDB1-984E-4660-AF86-8C421E9BB4AE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9AF06D94-A593-4501-8133-AAF3AA34BD94}.exeC:\Windows\{9AF06D94-A593-4501-8133-AAF3AA34BD94}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0648E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D382D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13401~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E452F~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1578E~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EE4FC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{41998~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97A55~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6976~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA13E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\31C251~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
98KB
MD5c11b6757682125d889b240927ad8a3b8
SHA16fd52d867229bd812d34a890aaca99ebdfa9d98c
SHA2568233033a6a946f7305e6e181ee2b964e887517c3f3118e6fe5a40d2d07836bd8
SHA5121be54b2e82552df62c7b8bdedcdfc84669e948f1c7b62e5782573a330e0dba64f1104168ce4500832450c4f0695801352186aea6f01da64ce13640ac254f7496
-
Filesize
98KB
MD5924c68ee0a01733300e6b6fe3df0c339
SHA12ee01286fbcd0a7b835d7b55139b13adf5d362d7
SHA256a3ed98b67c7b8363bb8b69345cf239b6fadb632005016b83c571f560fddfbe40
SHA5126ddd1496c125360df30ef1c5e53a1f2022a4a5293173f8c706c6919bfa965ce42025a508b3c89918c0b99db1d858a1da30221df0023e9ac093c31877f3b17b4c
-
Filesize
98KB
MD5266e70826324462b6a04720e8489366e
SHA1b790c96eec8b06cd42a02488a1830cb8eb350bbc
SHA256ade408cc763114e070d51bb76968e91aa17763471eec995e27498f020e29e1c2
SHA512e6851070ef0ef7a0e30b49341957f0b09caf4fe2bf9bde96f249fafcf799a5d034add069610c9024ed36d1fcbddcf968540dd6927a5bb085b73ba40e498a27c4
-
Filesize
98KB
MD545631caf07a21a8b64214b9a45f53ed0
SHA188636b20b58e859b80b0f0624f6ae9c17b9e79e0
SHA2569400b0688d2c6758c7b38a03b004c4961eb13ff0e20e4ec31668c1574e13a099
SHA51275cfab35449f91234e5f1c6415afebcf9b71b5864f439339793efdab4d21bdca5e3685fa86023b150b961904e9381d8e274bc0c9803c59d0c2a7d6051b25bead
-
Filesize
98KB
MD539abc58441253865881e02a6faddc16f
SHA1de2377baa7cf241aa9823943f4dbf2728453e00c
SHA25675e5af6ec4e687a1166d02487a05cff8a9fcf7f80873541ecadb553443dafc35
SHA512b75a34001501a9e363657be94de17bdec0b83960397b3e04a572bf5e0ab1ca1c4b69ddeb31693f0cc4cf74b9cf8e7a1ec8eec042197559f0552184bae8227418
-
Filesize
98KB
MD509905b567c55f034fb74b930d4685463
SHA189c9cb3131c1773f1f98f36ae7ce94a70fb399d5
SHA256c4bef7e83e71721af33c96458a5842a5f519f70bd80f132136e1f0217c281837
SHA512a9a71aaf72128c23a467e4e650876740c1183a2b11bd8118e6592969e5dc8f669bc694ffeafddf2b20df8e200bd4477093674f9ee7de1ffe21d7b93ecea1440c
-
Filesize
98KB
MD566bae2a4c9b5fe09cf64dc67061ee2c5
SHA192654004a9ad4a4f85833ab849ab16d96015f0b6
SHA256a805ac9ad762ae4382578a0ee1e2abd895165200152a2422f21e5b00c837ce20
SHA51256f38e1fcf76dd0353a1a7677767f4c63f70eb6c5030ba7ba6636338bc1405b26bbc499b4df38ae86e700ac6337d9959abf75fd5f5bac9246e92c4c7b4e1bcbc
-
Filesize
98KB
MD59172639e1d005c996e62ce28c0afff92
SHA13e3c0fe008182c7d29242e051aa484fa20f1ce61
SHA2560a6cdc9d5fd65ebf9798ec6883d8852cd7eab2163b4f76568be8b274b1cef9e4
SHA512995bcb511d327c34eeb4ba6918f44f994c0279c1a347bd31e33863c4da92665e4d423f0771a71ac2197d6109bfb92367d4d8e9b8373e93caad003265bfd257a5
-
Filesize
98KB
MD59c80a939deb45e06f195a68d639fb9f1
SHA17826ca4a3e6e51d3e7ee79aa6ac67d70d05bf232
SHA2560be770721d53c71679feceaf14d9728f20238546b42a4d7a71fa15376360c006
SHA512d26a39ed2ee81df800103873aba1a4d8ae5ffb369fd8f92fa5f72d993e80be48a42636f94111e985a0a08558742eeaa6bffb7fb7361b0f1e35607cb7f8f47905
-
Filesize
98KB
MD583e53e7c77f093d549f996ef0d381e98
SHA164f56f91ddd80476c3dfcb9a86a3ee1a575797c9
SHA256caf3a79ceb83dd80e90681bc0407bcc1b9427b2502a5e39833ca0c2d704de670
SHA512581076a571c29407b97bdb24e9f67976c94c53824862e5d9e4192dce10f7b376ab2dcb46b46cbe0d38297e563ff57a2283ab1db2b043ee0c920934224c3268d8
-
Filesize
98KB
MD531bf38908fda3eabc6115126d94a319e
SHA1eea3068697d8c4c66c2b8edd2bb0307eba660a47
SHA2561565694535a867fbbd06fcf768e331cab3bd38cf27a8dfe5ca39306926f4e8d1
SHA512f5990ffc780033cb90fa8b4164e5590034a369b0876a65e7ffd13183f7843254c80a9e9f57371ae5998283a4b97383fa1c17148e504db94e2bfb9734b05eacdd
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB