Analysis
- max time kernel: 149s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 29/05/2024, 07:44
Static task: static1

Behavioral task: behavioral1
- Sample: 4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: 4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
- Size: 2.7MB
- MD5: 4b49ccd5ed47ff20784bf1940c856cc0
- SHA1: a7a74d7fa73a7c1814f42aa1d916eb73d9d8752b
- SHA256: e946698f73192c13925f2b81f24645f4fe7fcb8bad5b582fbd91b2396c898421
- SHA512: 0c4dfee8043a95aa46169dfd5d9f3d72eaa2c64b9f9a3a7a772e74fdc8e771a70809b5352a59c41d2a01e4ab9a302dff592e1c975d2eb8d72676ce14f32e634f
- SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB99w4Sx:+R0pI/IQlUoMPdmpSpR4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  1564  abodec.exe
- Loads dropped DLL (1 IoC)
  pid   Process
  1888  4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description      ioc                                                                                                                              Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeU7\\abodec.exe"       4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZA7\\dobxloc.exe"  4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  1888  4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
  1564  abodec.exe
  (the 64 IoCs are repeated entries for these two processes)
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                               procid_target
  PID 1888 wrote to memory of 1564   1888  4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe   28
  (the same entry is recorded 4 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4b49ccd5ed47ff20784bf1940c856cc0_NeikiAnalytics.exe"
  PID: 1888
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\AdobeU7\abodec.exe
    Command line: C:\AdobeU7\abodec.exe
    PID: 1564
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 124KB
  MD5: 5e4cb1835e9fa347a40321442fc05f6c
  SHA1: 2743099b18b2c7a3c50111fe37223a91831113a0
  SHA256: 21db063530b6db228731ce6bbf08a064a9607df2e6b06e3af95b75997566cbc6
  SHA512: cc2aa3067807aa01c9448668e63af8af9b01b89631f1c0a0b995fa21e98abcf32a94f5b3ecbfce80f05a2d60c7f2016c111138bbc4b022243c0a4271ab6fe343
- Filesize: 2.7MB
  MD5: eef4502cbb32dc36ad288bb35321f759
  SHA1: 93d205672d19751386aac490fc03a4d98ae1f217
  SHA256: 9d15de58b270dbe9c3ea4268ae02f4f5c279c2ea0206cb84facf0611657271a5
  SHA512: 7a4ad42bc35ef4a1398dcce77088a735b1fc998d95daa74b03a4ba484e6e8f46ea299ec2746b8f5212613196a444003e013b8a75740a4e004348f9a645031343
- Filesize: 198B
  MD5: 618cc3d63f6b09d0e5e467c03cfd4747
  SHA1: 8528f411225beb349e5164021cd04e0d50710b8d
  SHA256: 9f930361c86c167d3bb759f2515aa46132b6f8ee952b508122d8b008988f2051
  SHA512: 6b79769116b7431caa71560ad5ccc04a3542068e9b6a6e76b8f71de9751ed336a763e1410bd2e1d709ae767619c28efadbfb88fc7e05a90c3738527279c8649d
- Filesize: 2.7MB
  MD5: b8d7511b07f2e05895145cb277142da0
  SHA1: 0db70c4ccbe8b3bed70d68eeb6b402995ab2e2d0
  SHA256: c2422a31af595ecb1c1d0ed41ea6a414b6e8cc7781d9f3b80622ad7e1e6e4203
  SHA512: 9bf3a02386cce4e7121a3cc43f5b36dbfe5ae3e9cfa0162f457e4a11cf75d6d56b0cdb0e84293d837d54955166d5b39bf593666a9bb87b4e96f9655d9cc47620