Overview

overview

7

Static

static

3

26db2235e3...cs.exe

windows7-x64

7

26db2235e3...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-05-2024 13:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26db2235e3aac05513bb72db71a03e50_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    26db2235e3aac05513bb72db71a03e50

  • SHA1

    041732a218b844ae18c3e83a324fee9eef9fbf7d

  • SHA256

    afad3b083f7f81c6c6ef7bc36c46532ce86058f456436fe0a5247404ba8cd328

  • SHA512

    fc5c65e752a87d22ecfeee7c4464f50e8d41d5960562e1728e77891ac9cfa19a3bf7cabc96122e7da2542bf41b62ca3d973440a7d21bb6e5129e80bbad3d1e6e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpL4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26db2235e3aac05513bb72db71a03e50_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\26db2235e3aac05513bb72db71a03e50_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3168
    • C:\UserDot8I\devoptiec.exe
      C:\UserDot8I\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZK5\optidevloc.exe
    Filesize

    1.3MB

    MD5

    b40c82c2121efe487614f18ca13aa803

    SHA1

    57627334ea7c9de43ff5941b4a68bb37aff8df79

    SHA256

    ac540356d96c10491b5a86caafff2a5bb10aab8a5a8e2be28169a5f0ffa68155

    SHA512

    1b29293dab3f09b077df4d43e669c6a19a6b597135698edad02be4f0f41ae5728d9f520f2a0bb8a719bcc48d26fd26240a4ca22a7318f6839ca3e09b1c4e6cab

    Download Submit

  • C:\LabZK5\optidevloc.exe
    Filesize

    2.7MB

    MD5

    265014d424d67844ff827c20ada05340

    SHA1

    82043bbf5c1bd374d845440d21d808f74f8ea0ab

    SHA256

    667b1fe007634b6ff92d5687268a3171378490b6f5a87d232aa58e189c1e3538

    SHA512

    364839a99bfc224198f0b3a113eaee6655a85aa30a97a4a9944c36e6bc7c22a0faebd72d0523c407cd275a9abe115a74fb24cbca440f880ff70381ba077222aa

    Download Submit

  • C:\UserDot8I\devoptiec.exe
    Filesize

    2.7MB

    MD5

    e407655212e8d13eb48cf1544c923908

    SHA1

    020abf55fe438885cd9fa015adcded6c37f8fe56

    SHA256

    3eaec40ab5430d35b6f62521f0849a3e9d08a779a48c903439224462966cc9e3

    SHA512

    90f7456a983685d06e92c5f8affbeb39481b8044f61ca208ec6e0359a44ba9f87ab24c485e194c682292d88826d15ea5ef6169f357200b353e9295a5105c5e10

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    206B

    MD5

    d673c0793ac384546d921f24e1b81e8c

    SHA1

    4eb3ef694cafe9f3d581d7ea60fe0e790c197647

    SHA256

    b2c1f585747cdb5404066bfc2315462155a55ba50d96fb3e59000f6cdca76364

    SHA512

    29de77daf69b5386e99b981c53766292e45f63f615ff133a118d6f8a980fb8f3814c4325545a21b790dd6da57ddb55f02b2d8081ae385431e2825bb4d06cd851

    Download Submit