Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/05/2024, 07:44

General

  • Target

    4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    4b49ccd5ed47ff20784bf1940c856cc0

  • SHA1

    a7a74d7fa73a7c1814f42aa1d916eb73d9d8752b

  • SHA256

    e946698f73192c13925f2b81f24645f4fe7fcb8bad5b582fbd91b2396c898421

  • SHA512

    0c4dfee8043a95aa46169dfd5d9f3d72eaa2c64b9f9a3a7a772e74fdc8e771a70809b5352a59c41d2a01e4ab9a302dff592e1c975d2eb8d72676ce14f32e634f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB99w4Sx:+R0pI/IQlUoMPdmpSpR4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\AdobeU7\abodec.exe
      C:\AdobeU7\abodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1564

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\LabZA7\dobxloc.exe

          Filesize

          124KB

          MD5

          5e4cb1835e9fa347a40321442fc05f6c

          SHA1

          2743099b18b2c7a3c50111fe37223a91831113a0

          SHA256

          21db063530b6db228731ce6bbf08a064a9607df2e6b06e3af95b75997566cbc6

          SHA512

          cc2aa3067807aa01c9448668e63af8af9b01b89631f1c0a0b995fa21e98abcf32a94f5b3ecbfce80f05a2d60c7f2016c111138bbc4b022243c0a4271ab6fe343

        • C:\LabZA7\dobxloc.exe

          Filesize

          2.7MB

          MD5

          eef4502cbb32dc36ad288bb35321f759

          SHA1

          93d205672d19751386aac490fc03a4d98ae1f217

          SHA256

          9d15de58b270dbe9c3ea4268ae02f4f5c279c2ea0206cb84facf0611657271a5

          SHA512

          7a4ad42bc35ef4a1398dcce77088a735b1fc998d95daa74b03a4ba484e6e8f46ea299ec2746b8f5212613196a444003e013b8a75740a4e004348f9a645031343

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          198B

          MD5

          618cc3d63f6b09d0e5e467c03cfd4747

          SHA1

          8528f411225beb349e5164021cd04e0d50710b8d

          SHA256

          9f930361c86c167d3bb759f2515aa46132b6f8ee952b508122d8b008988f2051

          SHA512

          6b79769116b7431caa71560ad5ccc04a3542068e9b6a6e76b8f71de9751ed336a763e1410bd2e1d709ae767619c28efadbfb88fc7e05a90c3738527279c8649d

        • \AdobeU7\abodec.exe

          Filesize

          2.7MB

          MD5

          b8d7511b07f2e05895145cb277142da0

          SHA1

          0db70c4ccbe8b3bed70d68eeb6b402995ab2e2d0

          SHA256

          c2422a31af595ecb1c1d0ed41ea6a414b6e8cc7781d9f3b80622ad7e1e6e4203

          SHA512

          9bf3a02386cce4e7121a3cc43f5b36dbfe5ae3e9cfa0162f457e4a11cf75d6d56b0cdb0e84293d837d54955166d5b39bf593666a9bb87b4e96f9655d9cc47620