6e25505cedf3283c2d2a702ae4c61e9e37caf82004a9af84934d2bed3eb6e56c

Analysis

max time kernel
150s
max time network
129s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 02:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
Size

2.7MB
MD5

611a0b11c86c92498e8c4764d395fe60
SHA1

e013500819660d9586c1754fd3250815e920cdae
SHA256

6e25505cedf3283c2d2a702ae4c61e9e37caf82004a9af84934d2bed3eb6e56c
SHA512

2ddf71c89da4dac63baf3c74ed85a041b4d28b989383dd9f9a1a56228b7c241d2abe2328b0fbd93ae95bdeb4cb261a62f6e51bd9d836f5b9dd6b7b9808112160
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpX4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2936	xoptiec.exe

Loads dropped DLL 1 IoCs

pid	Process
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Files5O\\xoptiec.exe"	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidDM\\optixec.exe"	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
2936	xoptiec.exe
2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2936	2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe	28
PID 2424 wrote to memory of 2936	2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe	28
PID 2424 wrote to memory of 2936	2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe	28
PID 2424 wrote to memory of 2936	2424	611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\611a0b11c86c92498e8c4764d395fe60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Files5O\xoptiec.exe
  C:\Files5O\xoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
202B

MD5
5cb9bf6458c95efc583f65156e811834

SHA1
40ceecffb25121e9231039ea2c67cef11ef11eed

SHA256
cd63b83813eda82889ac046fb3917f266de396e7a2d911d451a2366929fefbd5

SHA512
906bc5c202b2e411460ef683edb07db06e225c3aad1fc07f6042b235411035bba812792b5cb7fc4bb7d14e491536e5ba3af651f60f11e3f9e465273644ae6f5e

Download Submit
C:\VidDM\optixec.exe

Filesize
2.7MB

MD5
b4ac9e50a78ee7f52635b844af5eb5e8

SHA1
e91611f0d4dd3f339b0f2ebb425b967230356b81

SHA256
561179e02c5d4b0fed934495621a2eb804621a5e870848ab596d76f4853e0ff6

SHA512
2a03dbca50c3bf33984c096b635eb55cfebc1296047cdc3637fcbee95010ca1672bfe004b94cdf15da54b3cd4c3d44c62ea532422d3ee2d1dd849064642f1efe

Download Submit
\Files5O\xoptiec.exe

Filesize
2.7MB

MD5
716e5c64bf511eca12ad03605c3b69fe

SHA1
84e3a7a16ac528411de65b905c1d230868f754ef

SHA256
192f179da2333711f434a8168d1c5729a2fd4977ddc77c909a901806292964aa

SHA512
2ce8d565a8d48d86f90ff8d29ead132df6e487b893ab80cf4d4f27e0f854785796879339645f9430c9edfdfeaabece5691aae7e62a7b09d75ddbe59c68fcc10c

Download Submit