Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 07:45

General

  • Target

    4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    4b4d7bd12e6298526586bdef7e46c080

  • SHA1

    88fec9910f5ec51c112eab1a903dd2a4aa0949a6

  • SHA256

    96b2e8e02bda2ac3205a6275ff8d0ed6afc70916e829e2a9b5288af96368a0a4

  • SHA512

    5d90d6ced039eb8a4ee53e9e75a327a8b9d5daced9e6fab4c29dd7f5fafab9cbf9ddc0077e36c378b226376a40a2933ff9891d87ed977de67189acb730a3aaa5

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBP9w4Sx:+R0pI/IQlUoMPdmpSpL4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4b4d7bd12e6298526586bdef7e46c080_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\FilesVX\abodloc.exe
      C:\FilesVX\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1096

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\FilesVX\abodloc.exe

          Filesize

          2.7MB

          MD5

          c3f3d354488910db575630159cd16dd0

          SHA1

          7d6ef3fbea8cc7433bc0db39aca19aeb935af42e

          SHA256

          8de203729e2a57833bf547b5dd477c7e05b47037ee3656c8f2abc4a78d88b298

          SHA512

          1d23bf981feef5eb1f611c20e5bce27ba2ad26dfa1f6c05d66191d124969eb09201cc9eea76e441a9dcaa9c47423690cd09354451e185052c675a5c3df72a508

        • C:\MintQ3\optidevloc.exe

          Filesize

          2.7MB

          MD5

          e5861cd542a4896de66d59b4db100eb0

          SHA1

          ff5ce80aa900da03518e7a5682b791885e76771c

          SHA256

          c8955dd569ff3a19531163fbf8c5f1f992cfcd4ed4ff0b1c97b3ab2fba861454

          SHA512

          f9805a8a7090e6711d13e410d785b22e6225dd38e9d519db89d3c8ca96bdc89e03d7449a3bc0b4d197658c81e788877b5cb92bd02b5c597380456d84e3114a40

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          206B

          MD5

          1bd13d10026e220f0b538a2d3cde7c55

          SHA1

          a446e0088ecbe9613dcabf0fe3f1d0faba56bd36

          SHA256

          4cac00a1d9d16318e436fcec4bbab935509ccac6b116e2d2811c021038fa2b99

          SHA512

          a1117281569acc06b1aa5c84a7601a2784e5a5b6609d441d60dcefbc9900a1dc5d7528b30a3f6ea91d0558915e7246fe41d29ed92b03bbf29406f2dbedbe9f34