Analysis

  • max time kernel: 150s
  • max time network: 153s
  • platform: windows7_x64
  • resource: win7-20240508-en
  • resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted: 29/05/2024, 09:31

General

  • Target: 4f41c3bb98efb9ea52e0963f6ff93950_NeikiAnalytics.exe
  • Size: 29KB
  • MD5: 4f41c3bb98efb9ea52e0963f6ff93950
  • SHA1: 1bb1152aec603dbba69fb58256e3bf37e89d2d73
  • SHA256: 3345119363bf92bbece133c0efef720ae755b12f2d99e2d927f8346bbee6aa36
  • SHA512: cf69bfe636a864fcca9054f8cbaacd967da02f5b05fbd58e6bfb3fb276fe21144451ec74379831cff27d3483864de3a18a25a79272553f1b2295290022fb9cb2
  • SSDEEP: 768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/z:AEwVs+0jNDY1qi/q7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • UPX packed file (28 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Modifies system certificate store (2 TTPs, 8 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f41c3bb98efb9ea52e0963f6ff93950_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4f41c3bb98efb9ea52e0963f6ff93950_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1244

Network

        MITRE ATT&CK Enterprise v15


        Downloads
