4d1a67258e169bdedd7113a66b36006f1cbdc398d449b416acf3bf3adb8996af

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 03:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
Size

2.7MB
MD5

75938385095fa11d13bbefefdff6ac50
SHA1

901bbc7448b6dac147f106461430563cd10c5649
SHA256

4d1a67258e169bdedd7113a66b36006f1cbdc398d449b416acf3bf3adb8996af
SHA512

ae1ac3281685b8d9e53d5ba7d0c691eba0bb3b23f9d9c4659367fe12de8ab57ec22bd8ed9d616c8faa0ef4c41565bcd25c0d7264d4af726d86fc551d86246adc
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSpk4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2076	devoptiec.exe

Loads dropped DLL 1 IoCs

pid	Process
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Adobe13\\devoptiec.exe"	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidPL\\dobxloc.exe"	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
2076	devoptiec.exe
2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2076	2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2076	2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2076	2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2076	2940	75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75938385095fa11d13bbefefdff6ac50_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Adobe13\devoptiec.exe
  C:\Adobe13\devoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
200B

MD5
435ef5434ed0a3c4aec42bdc339b9ad6

SHA1
402d1f62df0caa49e3280a1aa0f6c640d9f3d0b7

SHA256
247dd1e456a5d34ceb40d3b9ef46088e0c83c01dbbab0a2d4b7ddfac7bc02b9e

SHA512
c79342600397d6375587943e12e3bfa1aaa4e19b9bfcb98888a0b7d6a4564c8ea03aaaccf8e9a55d7db5facd20eb7f3da535d2585b42ad74e5bc090474b74fd6

Download Submit
C:\VidPL\dobxloc.exe

Filesize
2.7MB

MD5
17cb27f0d9f527589769101b1fc4eeec

SHA1
06fe3b616b4efceeab1432852d9d78c30e5fbbda

SHA256
3079bbd91fe45e10fd068a68976561e1cd39641f2af4bc96cd4ac5a65f416f5b

SHA512
7c07bc0374757ed2572badaf7c194024e2677d335a80f5c30775df2db31e0d3a16aedceecda1793483b8fff720557bd9a04bf35e751578038712ca02cb7ab37e

Download Submit
\Adobe13\devoptiec.exe

Filesize
2.7MB

MD5
f74c03b11f830e71e62943347a5972a2

SHA1
ef16ed1333b6bbeabdabfacb7172d27ad68e630e

SHA256
1d2807620ca6be062a0bd44fec84a7b93111325cc2149f6f1c927585a35e3000

SHA512
47a5304512ddd3a735aa05046ac5eec02d5269be6d998c51def41dd2c326ad44922b45c562705b683b5dec93584e691f2eed3e6428fa95c5b3a143512e9f5ed2

Download Submit