39023d1c3e08eca1cda226d30273d79d05c5085c30ee6812fe6c31c68096443a

Analysis

max time kernel
130s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 06:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

907b35d2cd9de77118ebd3601bd568b0_NeikiAnalytics.exe
Size

270KB
MD5

907b35d2cd9de77118ebd3601bd568b0
SHA1

c402061f0c743e974defd50843aae6a72dca4108
SHA256

39023d1c3e08eca1cda226d30273d79d05c5085c30ee6812fe6c31c68096443a
SHA512

22aca1f8bc2f32962283998020b35fd1b52afac3e3f46c9faef881a13bcca5fc162e8bcbd9bf99c5a8907488ec0060bf082427eefb4630f64fdbfda17e1c220f
SSDEEP

6144:zGOdIWe48wn1obslh391UmaFyjDZSbGqJ/:zGOdRn1obsl5XURQFSP

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
5688	onvmijj.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\onvmijj.exe	907b35d2cd9de77118ebd3601bd568b0_NeikiAnalytics.exe
File created	C:\PROGRA~3\Mozilla\gmzywaj.dll	onvmijj.exe

C:\Users\Admin\AppData\Local\Temp\907b35d2cd9de77118ebd3601bd568b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\907b35d2cd9de77118ebd3601bd568b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3500

C:\PROGRA~3\Mozilla\onvmijj.exe
C:\PROGRA~3\Mozilla\onvmijj.exe -ibpmpgd
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\onvmijj.exe

Filesize
270KB

MD5
78e2ac2350108e1a9e7f82e8e10e7c7f

SHA1
2fdf9b43f743d46f3f80e0ef6e403eac1c8517b8

SHA256
96cefd04636000295082613bf7633fef8dd06ead9f26fb9be0d98d59bd6a8c26

SHA512
2735e140fa09ef429ff3b637cfeaba59c6c3deec8b48e5e06dae6845960b635bd9671e2981691394da6f3c854417ea1ace96ef5517c40e91779a60d771be44be

Download Submit
memory/3500-0-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3500-1-0x0000000000730000-0x000000000078C000-memory.dmp

Filesize
368KB

Download
memory/3500-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3500-6-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5688-8-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5688-10-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download