02d80cd2e17f540ddd05ccdc8c861d8dd31f18921996f0774bd071b4064cb1f2

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
Size

2.7MB
MD5

8d0daf91a892e9fd759a4faec5910430
SHA1

bd4485b37b5dd01c0a9227ad3a4107f0478576a2
SHA256

02d80cd2e17f540ddd05ccdc8c861d8dd31f18921996f0774bd071b4064cb1f2
SHA512

27c01f04f57bfb0a7853bf4067fdf63e4b78c92ad1a9ac962b8a027a8a5452fee7d13323f5f460413a66deaa020eab2b4476f527a1b4890935794f8fdef93e68
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBB9w4Sx:+R0pI/IQlUoMPdmpSpp4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1252	adobsys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvSN\\adobsys.exe"	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBQJ\\optiasys.exe"	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1252	adobsys.exe
1252	adobsys.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 1252	1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe	85
PID 1696 wrote to memory of 1252	1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe	85
PID 1696 wrote to memory of 1252	1696	8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe	85

C:\Users\Admin\AppData\Local\Temp\8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1696
- C:\SysDrvSN\adobsys.exe
  C:\SysDrvSN\adobsys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\KaVBQJ\optiasys.exe

Filesize
2.7MB

MD5
4692a6f344db8bce88d8b7f85b8d8321

SHA1
c93d0641365505abaad1d64c1bfd56d60f08edc6

SHA256
43ff90f47e0277015196a8b9e377d60f401196ef7c2941a28f251652c91faf5d

SHA512
3ac069ff62b3cb1488afd9651940325525e182087cebbd96ba3863cd9f184b831da453ca71e691b2717abd4ccaeb840804ff448680c2e87b8b03c85fd19d852a

Download Submit
C:\SysDrvSN\adobsys.exe

Filesize
2.7MB

MD5
331bf206690cb109752187b7cc359ae2

SHA1
fbb85c60987af264bf9c097b91df693d64593ebc

SHA256
dce2997b4d6adc35f35cb202d73b8d4eb836d87923df4074575da38cc99a8045

SHA512
5f5ded94643e0b3b47cc17976e7085996512b0c53f99559f2f78886a7474208e9020d4cf102438edf7a6e24250b71c44ed914f88d0b8791bd229d41a5d7c6453

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
203B

MD5
d37b0f3134ca05b6f99b26ddfe886dab

SHA1
b094dfe4e838ad0a26a5dcfdc1b10042e1335083

SHA256
b37d2dafdcc4ef1ca2470f5c7153c434e66fe0fa19d4c3ec43d69390ff4394a8

SHA512
d005e896008eb4dae103975261b5f41d6ddf99a8cd4942659acba3bd395afa560d4643a12f276ea83d70179bd6a8f1cbc6c5e36048e812f63b8ac59cb92c13ba

Download Submit