Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/06/2024, 04:02

General

  • Target

    8cbf7bd1c73ff8287c008b15b2a7f2e0_NeikiAnalytics.exe

  • Size

    29KB

  • MD5

    8cbf7bd1c73ff8287c008b15b2a7f2e0

  • SHA1

    7d173bbe1feb733ee196abc7f8c7a472976e2c65

  • SHA256

    a14f94cbd3b6422da7d53bb8af51af7ef36da30a6d5d2770df6e5bcdae4f4a64

  • SHA512

    62e3fc799b0409e3305fb801587eb6922be807a561f0668f9f9a8fc95ca23f4c20f2bcb0e25db2b4dcc50cb78c1a0b5aebe285f73dbdbc26cd379b0c90c3ab91

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/I:AEwVs+0jNDY1qi/qg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies system certificate store 2 TTPs 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cbf7bd1c73ff8287c008b15b2a7f2e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8cbf7bd1c73ff8287c008b15b2a7f2e0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1856

Network

MITRE ATT&CK Enterprise v15


Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          33e95313c70b5dce257a70fa6aae91ee

          SHA1

          db17c8b0ca2121221e3e9ec8383fa6101c847c8f

          SHA256

          4057c77d9295cf62da61e55674af88506838df9cd4ea9b238d7853ba7769b07f

          SHA512

          8730abaaf65b003c02a55499107ecad15687730f668aa880ce0dd7327320c9a83e2a8047710e31350127b8d32950585106b3756070739fb2b53a1be43ba7f807

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9ce69d0fcedb8557a9394b4057c79045

          SHA1

          1deee8182ae2963ced1763d7acf858e47e8cced3

          SHA256

          69dcdfbe6ecd6ad3a5dfd20d145511f702253b5fae80fade74c1ad02f504b705

          SHA512

          ab9a7b6925673d85aa955b75f59dc568850ae7915691cf4e91a156fb0813ed37cfd4d407db173545787cf1e7c46489450f5710f62935164efa377c6ee97d6ad2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4fc04ce27d9481c6ffa598b82762dbd0

          SHA1

          e915bf81afb46ad13b4d77ea5f0b77cdea7559c7

          SHA256

          41be432d9b3c2c677f942bac1855a0ee1fe6b9ee092814668e9adbcc1f55053c

          SHA512

          5557bf43cd66c787504ddc520a659e3b0e1f78159e1a71f390039a2701c33dd805e8a5dab7accab496e0fcd1cec560ac1ed6be801983b2a81e5c2b3dbf481d52

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c5e6ba54d9f736d469364099109e3c41

          SHA1

          84bb0f5724ddd8357c38f9d87edba83d6ac1d07a

          SHA256

          7251aaefdfd9928132f5f793bcd4b650d343486605c28a0145723f4512d3c9a7

          SHA512

          213fd7ba1ae8f16856217a4a1330b1ff8ced7cf7890003dc4b99675329ec1073c396b53bd230d6057db71bcbbd6ab55ed8655a65cceb63d3aab80fb01a8c8083

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5d1d701731bf52d5af612b8d43aa6008

          SHA1

          1e0f10cea6f506460251e69237af3f86a595a820

          SHA256

          0a34ba90a7535767b2bc0a164655fc397eaf150d035aae4d7b10fbdf9442d4d4

          SHA512

          2e498f81a742646ecbbe7c7ef28c847ccb3a8f5f3e1c61acada7dc2c898cb900eaca498ff8d3b569439a9e9c59574a9f970bf912dbf2640a372c21e30c411436

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b461d6c85f7618f8ea26376e62068cd4

          SHA1

          19d743a911c03320575c6eeea18d40168c299d41

          SHA256

          d322d161e8daaa9292f768d242d45b39eedd25bd6a21271698d3f51c790dba74

          SHA512

          3505f8098318892709210c9deebcae82224ec939e9a2590e830a5456d3419f12e31f7f3829da639feb11ca8f038252eacf616fb023704567ffdc29d24ee0aee1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e5432356992c8cab959ca803a1153519

          SHA1

          ed2bdc70392cab15667e682c8463dbed2ef6087a

          SHA256

          2e58ac94b5f9088b82031c3c8868655139cd49ed58a6c196bd5fb7cde9c8970e

          SHA512

          38da7f6de477ba44dc8b55d4aa6b25618bd4362e6cf00359a4dd0663372a74919e19e880a0e190bdcc4955082793742559c064ecf03385326ac7abe3f5703352

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          201ff62447cabd5af53a9da741131b77

          SHA1

          009d425b415ae037a22e92f29993bbf782a9e9ce

          SHA256

          389322c2c5c0e2dd7caa780ae1ce6fa8e4ca8b0c697bb43776efeb798e408fea

          SHA512

          1ffee478fd11efcbba95d9ae6d306d809b2b12d621a7820a204739a38feb14b61b0ed337acb3b82a2e84fe31a82f0b2a8627fb334b6df9bc984c5432a2489d6f

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\search[2].htm

          Filesize

          25B

          MD5

          8ba61a16b71609a08bfa35bc213fce49

          SHA1

          8374dddcc6b2ede14b0ea00a5870a11b57ced33f

          SHA256

          6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

          SHA512

          5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

        • C:\Users\Admin\AppData\Local\Temp\Tar4BEB.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Local\Temp\tmp5013.tmp

          Filesize

          29KB

          MD5

          599ea9bc04b1607efc285f6e58b2dd06

          SHA1

          49c9b7b6b67079eb16d52fdba71a286f7d0b29d0

          SHA256

          d59dde6928b1270ff1d3131a4e321ab1ee627a9032b15f3e41a3d37072fa8ff3

          SHA512

          ec95539f739674c3a963e6d63db3b6091219d2f9a7cdba0e254a5adf46ecd472bed828bed63734d078cc26d9c86228bfafbadae5f1998fa195fc3c5320ca0b35

        • C:\Users\Admin\AppData\Local\Temp\zincite.log

          Filesize

          352B

          MD5

          18c22925b7511846d512daa7a171a893

          SHA1

          021620a7b00a6f612786b9d038cbf58b34ac0180

          SHA256

          a0647c8ad720970a1d8eac88371dce6d4c5984b1a5e4bd387d2cdf2c2c94e6e9

          SHA512

          48995b1568b84ef382a25a404c2c6b05bb8705b76f0511870a27ff29784cd1312c62a60dd2b99e23800f8dbdd24ccf6faeb089df1e8e50d91abfabf5274965bd

        • C:\Users\Admin\AppData\Local\Temp\zincite.log

          Filesize

          352B

          MD5

          ca3381c34862f9fa4987d48f22acffa5

          SHA1

          0424e65c5d3685315f4214529a24c4edfc7335d8

          SHA256

          7291a8532a986d5e025b71fb6e9d8a4ed94b97bd0f3d36e676db45d77d593153

          SHA512

          a581c9b982c9f6dd6c7667e0cd298285e88148df253320d6be4b9f72ddabcb4c6f1f8334ebaea4260ec4727619c2d1c93e8f39a3ebf10f1f0c68ff91070cc210

        • C:\Windows\services.exe

          Filesize

          8KB

          MD5

          b0fe74719b1b647e2056641931907f4a

          SHA1

          e858c206d2d1542a79936cb00d85da853bfc95e2

          SHA256

          bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

          SHA512

          9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

        • memory/1848-62-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/1848-41-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/1848-8-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1848-7-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/1848-9-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1848-66-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/1848-17-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/1848-68-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/1848-24-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1848-25-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1848-78-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/1848-96-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/1856-30-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-18-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-79-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-97-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-37-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-32-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-44-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-69-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-81-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-23-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-74-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-67-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-11-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-63-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1856-42-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB