Analysis
  max time kernel:  149s
  max time network: 150s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240508-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        29/05/2024, 07:45
Static task: static1

Behavioral task: behavioral1
  Sample:   4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample:   4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
  Target: 4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe
  Size:   2.7MB
  MD5:    4b4d7bd12e6298526586bdef7e46c080
  SHA1:   88fec9910f5ec51c112eab1a903dd2a4aa0949a6
  SHA256: 96b2e8e02bda2ac3205a6275ff8d0ed6afc70916e829e2a9b5288af96368a0a4
  SHA512: 5d90d6ced039eb8a4ee53e9e75a327a8b9d5daced9e6fab4c29dd7f5fafab9cbf9ddc0077e36c378b226376a40a2933ff9891d87ed977de67189acb730a3aaa5
  SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBP9w4Sx:+R0pI/IQlUoMPdmpSpL4
Malware Config
Signatures

  Executes dropped EXE (1 IoC)
    pid   Process
    1096  abodloc.exe

  Adds Run key to start application (2 TTPs, 2 IoCs)
    description      ioc                                                                                                                              Process
    Set value (str)  \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesVX\\abodloc.exe"        4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe
    Set value (str)  \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintQ3\\optidevloc.exe"  4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe

  Suspicious behavior: EnumeratesProcesses (64 IoCs)
    pid   Process
    4580  4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe
    1096  abodloc.exe
    (the 64 IoCs are repeated hits on these two processes)

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                        pid   Process                                              procid_target
    PID 4580 wrote to memory of 1096   4580  4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe  88
    (the same entry is reported three times)
Processes

  1. C:\Users\Admin\AppData\Local\Temp\4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe"
     PID: 4580
       - Adds Run key to start application
       - Suspicious behavior: EnumeratesProcesses
       - Suspicious use of WriteProcessMemory

     2. C:\FilesVX\abodloc.exe  (child of PID 4580)
        Command line: C:\FilesVX\abodloc.exe
        PID: 1096
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

  File 1
    Filesize: 2.7MB
    MD5:      c3f3d354488910db575630159cd16dd0
    SHA1:     7d6ef3fbea8cc7433bc0db39aca19aeb935af42e
    SHA256:   8de203729e2a57833bf547b5dd477c7e05b47037ee3656c8f2abc4a78d88b298
    SHA512:   1d23bf981feef5eb1f611c20e5bce27ba2ad26dfa1f6c05d66191d124969eb09201cc9eea76e441a9dcaa9c47423690cd09354451e185052c675a5c3df72a508

  File 2
    Filesize: 2.7MB
    MD5:      e5861cd542a4896de66d59b4db100eb0
    SHA1:     ff5ce80aa900da03518e7a5682b791885e76771c
    SHA256:   c8955dd569ff3a19531163fbf8c5f1f992cfcd4ed4ff0b1c97b3ab2fba861454
    SHA512:   f9805a8a7090e6711d13e410d785b22e6225dd38e9d519db89d3c8ca96bdc89e03d7449a3bc0b4d197658c81e788877b5cb92bd02b5c597380456d84e3114a40

  File 3
    Filesize: 206B
    MD5:      1bd13d10026e220f0b538a2d3cde7c55
    SHA1:     a446e0088ecbe9613dcabf0fe3f1d0faba56bd36
    SHA256:   4cac00a1d9d16318e436fcec4bbab935509ccac6b116e2d2811c021038fa2b99
    SHA512:   a1117281569acc06b1aa5c84a7601a2784e5a5b6609d441d60dcefbc9900a1dc5d7528b30a3f6ea91d0558915e7246fe41d29ed92b03bbf29406f2dbedbe9f34