219248d0b833e5871fb0c28f50e4f813fff6d72ab4c3a11e734b3601d1d78358

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
Size

84KB
MD5

7713f54bb97a7d77d8452e14dd9bed10
SHA1

abc09b251103e0504e05de438af9a03e2cb02538
SHA256

219248d0b833e5871fb0c28f50e4f813fff6d72ab4c3a11e734b3601d1d78358
SHA512

75bf372e7ffd3d3ad759ad7c4032b750de35de324dd772d1a0b5886574bef6a0f0f29e54d05641ce170ff7dd75a09e3048ba9ce52d4c330fe0a444f58740b478
SSDEEP

1536:g7wc1aGNC0klI7CPpIFa6ksz85X3uh4odJModymYn1bniwCC:g7wc1aOCo7CxI4sz8oCooT1bnfCC

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3440-0-0x0000000000800000-0x000000000080E000-memory.dmp	upx
behavioral2/memory/3440-3-0x0000000000800000-0x000000000080E000-memory.dmp	upx
behavioral2/files/0x00080000000233b2-7.dat	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\WinRAR.v.3.2.and.key.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\Winamp 5.0 (en).ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\WinRAR.v.3.2.and.key.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\ICQ 4 Lite.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\index.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\Winamp 5.0 (en) Crack.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\Winamp 5.0 (en).exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\WinRAR.v.3.2.and.key.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WinRAR.v.3.2.and.key.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\Kazaa Lite.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\Harry Potter.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\Winamp 5.0 (en).com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\Kazaa Lite.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\Winamp 5.0 (en) Crack.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\index.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\index.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\en-us\Winamp 5.0 (en) Crack.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\Harry Potter.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\Winamp 5.0 (en).exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\Harry Potter.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\Kazaa Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Winamp 5.0 (en).ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WinRAR.v.3.2.and.key.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\index.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\ICQ 4 Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\WinRAR.v.3.2.and.key.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Kazaa Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Harry Potter.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WinRAR.v.3.2.and.key.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\index.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\index.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Winamp 5.0 (en) Crack.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\WinRAR.v.3.2.and.key.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\ICQ 4 Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\Kazaa Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\Kazaa Lite.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\Harry Potter.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\Winamp 5.0 (en) Crack.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\Winamp 5.0 (en) Crack.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\Kazaa Lite.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\WinRAR.v.3.2.and.key.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ICQ 4 Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Harry Potter.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EURO\Winamp 5.0 (en).ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Winamp 5.0 (en).ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Winamp 5.0 (en) Crack.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\C4DB1FF2-9CF3-498E-B7AA-765DC7D448F8\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\index.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\index.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\en-us\ICQ 4 Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\C4DB1FF2-9CF3-498E-B7AA-765DC7D448F8\root\Winamp 5.0 (en).com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\Winamp 5.0 (en) Crack.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\Kazaa Lite.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\Kazaa Lite.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\Winamp 5.0 (en).exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\Kazaa Lite.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\WinRAR.v.3.2.and.key.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WinRAR.v.3.2.and.key.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Winamp 5.0 (en).com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\Harry Potter.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\Harry Potter.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\ICQ 4 Lite.ShareReactor.com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\ICQ 4 Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\Kazaa Lite.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\Winamp 5.0 (en).com	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
File created	C:\Windows\lsass.exe	7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
PID:3440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\microsoft shared\ink\ar-SA\Harry Potter.exe

Filesize
84KB

MD5
7713f54bb97a7d77d8452e14dd9bed10

SHA1
abc09b251103e0504e05de438af9a03e2cb02538

SHA256
219248d0b833e5871fb0c28f50e4f813fff6d72ab4c3a11e734b3601d1d78358

SHA512
75bf372e7ffd3d3ad759ad7c4032b750de35de324dd772d1a0b5886574bef6a0f0f29e54d05641ce170ff7dd75a09e3048ba9ce52d4c330fe0a444f58740b478

Download Submit
memory/3440-0-0x0000000000800000-0x000000000080E000-memory.dmp

Filesize
56KB

Download
memory/3440-3-0x0000000000800000-0x000000000080E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads