Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/06/2024, 04:12 UTC

General

  • Target

    8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    8d0daf91a892e9fd759a4faec5910430

  • SHA1

    bd4485b37b5dd01c0a9227ad3a4107f0478576a2

  • SHA256

    02d80cd2e17f540ddd05ccdc8c861d8dd31f18921996f0774bd071b4064cb1f2

  • SHA512

    27c01f04f57bfb0a7853bf4067fdf63e4b78c92ad1a9ac962b8a027a8a5452fee7d13323f5f460413a66deaa020eab2b4476f527a1b4890935794f8fdef93e68

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBB9w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • 1. C:\Users\Admin\AppData\Local\Temp\8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe"
    PID: 1696
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • 2. C:\SysDrvSN\adobsys.exe
      Command line: C:\SysDrvSN\adobsys.exe
      PID: 1252
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

  DNS requests (all reverse PTR lookups sent to 8.8.8.8:53, US):

    Query name                      Remote address   Type   Response
    8.8.8.8.in-addr.arpa            8.8.8.8:53       PTR    dns.google
    172.210.232.199.in-addr.arpa    8.8.8.8:53       PTR    (none)
    217.106.137.52.in-addr.arpa     8.8.8.8:53       PTR    (none)
    69.31.126.40.in-addr.arpa       8.8.8.8:53       PTR    (none)
    97.17.167.52.in-addr.arpa       8.8.8.8:53       PTR    (none)
    183.59.114.20.in-addr.arpa      8.8.8.8:53       PTR    (none)
    15.164.165.52.in-addr.arpa      8.8.8.8:53       PTR    (none)
    144.107.17.2.in-addr.arpa       8.8.8.8:53       PTR    a2-17-107-144.deploy.static.akamaitechnologies.com
    10.173.189.20.in-addr.arpa      8.8.8.8:53       PTR    (none)
  Connections:

    Remote address   Domain                          Protocol   Bytes sent   Bytes received   Packets sent   Packets received
    8.8.8.8:53       8.8.8.8.in-addr.arpa            dns        66 B         90 B             1              1
    8.8.8.8:53       172.210.232.199.in-addr.arpa    dns        74 B         128 B            1              1
    8.8.8.8:53       217.106.137.52.in-addr.arpa     dns        73 B         147 B            1              1
    8.8.8.8:53       69.31.126.40.in-addr.arpa       dns        71 B         157 B            1              1
    8.8.8.8:53       97.17.167.52.in-addr.arpa       dns        71 B         145 B            1              1
    8.8.8.8:53       183.59.114.20.in-addr.arpa      dns        72 B         158 B            1              1
    8.8.8.8:53       15.164.165.52.in-addr.arpa      dns        72 B         146 B            1              1
    8.8.8.8:53       144.107.17.2.in-addr.arpa       dns        71 B         135 B            1              1
    8.8.8.8:53       10.173.189.20.in-addr.arpa      dns        72 B         158 B            1              1

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVBQJ\optiasys.exe

    Filesize

    2.7MB

    MD5

    4692a6f344db8bce88d8b7f85b8d8321

    SHA1

    c93d0641365505abaad1d64c1bfd56d60f08edc6

    SHA256

    43ff90f47e0277015196a8b9e377d60f401196ef7c2941a28f251652c91faf5d

    SHA512

    3ac069ff62b3cb1488afd9651940325525e182087cebbd96ba3863cd9f184b831da453ca71e691b2717abd4ccaeb840804ff448680c2e87b8b03c85fd19d852a

  • C:\SysDrvSN\adobsys.exe

    Filesize

    2.7MB

    MD5

    331bf206690cb109752187b7cc359ae2

    SHA1

    fbb85c60987af264bf9c097b91df693d64593ebc

    SHA256

    dce2997b4d6adc35f35cb202d73b8d4eb836d87923df4074575da38cc99a8045

    SHA512

    5f5ded94643e0b3b47cc17976e7085996512b0c53f99559f2f78886a7474208e9020d4cf102438edf7a6e24250b71c44ed914f88d0b8791bd229d41a5d7c6453

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    d37b0f3134ca05b6f99b26ddfe886dab

    SHA1

    b094dfe4e838ad0a26a5dcfdc1b10042e1335083

    SHA256

    b37d2dafdcc4ef1ca2470f5c7153c434e66fe0fa19d4c3ec43d69390ff4394a8

    SHA512

    d005e896008eb4dae103975261b5f41d6ddf99a8cd4942659acba3bd395afa560d4643a12f276ea83d70179bd6a8f1cbc6c5e36048e812f63b8ac59cb92c13ba
