Analysis

  • max time kernel
    106s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/05/2024, 00:50

Errors

Reason
Machine shutdown

General

  • Target

    701658ca4de02ee07ec4ccc34ded3eb0_NeikiAnalytics.exe

  • Size

    1.2MB

  • MD5

    701658ca4de02ee07ec4ccc34ded3eb0

  • SHA1

    a4e1c8bd74940e2bfeeed9588fc578add6c2b92b

  • SHA256

    c962e389ee68c863b2aa54f7d1147ef2e13eef43a4f7a3033ab291eb422db628

  • SHA512

    65e5107a08ac3da4639a11f4e1bf5a6d2e635fe61c733d6999a4c30e4721a1c10974f1d605a1def383fbd1443772b74a915cc8b46c9b251d9c9d91a49905de7c

  • SSDEEP

    24576:9MDDnzUW2RbuGzdfraM28Y9VdxRKbVqEV8IN0SnKOBV8w5IHd:92nzUW4SGJ2M1YzdxKVn+ImiV29

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 48 IoCs
  • Suspicious use of AdjustPrivilegeToken 25 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\701658ca4de02ee07ec4ccc34ded3eb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\701658ca4de02ee07ec4ccc34ded3eb0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1176
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa397c055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:3624

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsn4D08.tmp\RealSpeedup.dll

    Filesize

    32.5MB

    MD5

    588ec0b41aec420aa6b898c86b571d2e

    SHA1

    d92e663e2a197d436dd112951814c212e41be9a3

    SHA256

    890109c062672432707f1a6b44c90e57e0e131aec4e8c1f7ef24b0058e0da784

    SHA512

    fed27edee1287dfd201c45918bcea1e6edcd6f7ff48180d9047a6449a1bf45bd69facf57edb65333bd8b34bbdd89958630181bf943b8f0baba98198b144951c9

  • C:\Users\Admin\AppData\Local\Temp\nsn4D08.tmp\UAC.dll

    Filesize

    14KB

    MD5

    4814167aa1c7ec892e84907094646faa

    SHA1

    a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

    SHA256

    32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

    SHA512

    fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

  • C:\Users\Admin\AppData\Local\Temp\nsn4D08.tmp\inetc.dll

    Filesize

    20KB

    MD5

    e541458cfe66ef95ffbea40eaaa07289

    SHA1

    caec1233f841ee72004231a3027b13cdeb13274c

    SHA256

    3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

    SHA512

    0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

  • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

    Filesize

    1.2MB

    MD5

    701658ca4de02ee07ec4ccc34ded3eb0

    SHA1

    a4e1c8bd74940e2bfeeed9588fc578add6c2b92b

    SHA256

    c962e389ee68c863b2aa54f7d1147ef2e13eef43a4f7a3033ab291eb422db628

    SHA512

    65e5107a08ac3da4639a11f4e1bf5a6d2e635fe61c733d6999a4c30e4721a1c10974f1d605a1def383fbd1443772b74a915cc8b46c9b251d9c9d91a49905de7c

  • memory/1176-27-0x0000000006630000-0x00000000086BC000-memory.dmp

    Filesize

    32.5MB