a3226c6d6ac2de92eedc5d7c3cfa939bc90af6f67c4ad483f31b1baf6af4c9a9

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
Size

4.1MB
MD5

c676deae4e003978a0a771cce2b0a370
SHA1

ebee67a72a9792108c71a89c7eac643721c4b553
SHA256

a3226c6d6ac2de92eedc5d7c3cfa939bc90af6f67c4ad483f31b1baf6af4c9a9
SHA512

fe4df2191bf8c7e5bbdd363794cc112e6d667ce00ad0f4619c46851e87751d8a085e7db17da97a98b99b9fbd2db3b27dcb61be9ddea560c73435c06e6f3398d9
SSDEEP

98304:+R0pI/IQlUoMPdmpSp54ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmK5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2076	aoptisys.exe

Loads dropped DLL 1 IoCs

pid	Process
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Intelproc7X\\aoptisys.exe"	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZ5L\\dobxloc.exe"	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
2076	aoptisys.exe
2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2076	2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 2076	2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 2076	2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 2076	2932	c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Intelproc7X\aoptisys.exe
  C:\Intelproc7X\aoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LabZ5L\dobxloc.exe

Filesize
4.1MB

MD5
b97c2a228b74e3fc4b1ef1a087020155

SHA1
f8ffa28286b3269faaf36ff92b2d62ac2045bb8e

SHA256
b225129b022c1053221c0f6251a142fabd70d03cf7063ba2096f359475af3143

SHA512
dec4b10153ea643e4ddf2f1161d3c892f42a82e5fd7a0474fe6249db15ca3cd9cbd9e24a23221007cfe34c895e888826741d65a70eb3445685f47b0361c071ec

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
205B

MD5
a2e0447d7a5c3096e34e587c7e40d0b9

SHA1
6b073e207471f6526657777221eb278bddea62a4

SHA256
bf77a470ab2bff317d6f825eca721d7ec61c33b5b24620dc8adafbc2e376f6a3

SHA512
d1b69b220c69fe35ce96594d24e39e96b2fe11a8f1312731bf03daf788bb1b2b2ab14bf169af0a0d02cfd32e400a43f908f20a18bae4913e9204adff62ea1116

Download Submit
\Intelproc7X\aoptisys.exe

Filesize
4.1MB

MD5
54f0f62fabab62964f0a3ac93309a8e8

SHA1
8b187b4ca4ecfaeca3a74cabc96e2a5e7a2fb318

SHA256
a69a6320cc3e8f8578fae4cb5db757ea6046922f8964414774142d01b50d5f4a

SHA512
22592b45a9465b4dc9822e25ab222b86f96f984fe1d6e4af1ecc0a3ca6c98114bfdd01117cf03398a3f1aee4e00d00733e38f7ab9cf78ebebe5edc6db76650fd

Download Submit