Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/06/2024, 10:19

General

  • Target

    7c05815a425d8a45808e809f24d8ffd0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    7c05815a425d8a45808e809f24d8ffd0

  • SHA1

    0be144ae6b8855a42516d132fb5ae2ce0f446fba

  • SHA256

    fbd868157941e2ce4c599b945026939277ff9256dd97ac338e93cbdd1e8f60fe

  • SHA512

    c1ad7b85bcf8dc96ab6fba7653e6951328207ec537afc7a82ed0a0a01308cf282476653d363efcfc3bc1b67a22666dc88b3861e1ffe2d4af69c3b4b71ded7afc

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4Sx:+R0pI/IQlUoMPdmpSp04

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c05815a425d8a45808e809f24d8ffd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7c05815a425d8a45808e809f24d8ffd0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\UserDot5R\devbodloc.exe
      C:\UserDot5R\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1740

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxBI\dobdevloc.exe

    Filesize

    21KB

    MD5

    85ac8e8d98995fc09cc8e14b9d872d90

    SHA1

    adaa24efc93ffdc30c0f3eddaed74ed35e28744b

    SHA256

    4147383c7efa7821c6cfc8b7a765239587b96326516b35b8a29b5759d56b432d

    SHA512

    71b1aead94e4cf1bea92e76c1e652cc34c48ae4aa8a1a8f508276c2025ed5821c7ac8d66d8f165cd451ed36fcf9d03a044f936e5ad0acf3d006044ed8f1b1f3f

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    208B

    MD5

    698bbbb66d93ddee97224ee238d87b31

    SHA1

    89c360e7a98ce9d1c07515d5a24e3d662eefa502

    SHA256

    86c110e4b6668ae7db961c842ca029c460a54fd012d85e9f1e723919382f35b1

    SHA512

    b1eff7c750c434258cd4d532e5ab099bfc7984fb42f9e7a08e1ab1cca93c3a992ab5ece9d782807871c1e9aadb7fb4bd03310b07a4a90f105be6b4e57a81d73a

  • \UserDot5R\devbodloc.exe

    Filesize

    2.7MB

    MD5

    eb0f4e58617f6e5af01fd42c32018b3b

    SHA1

    b24da025da7d088107cf460f38d4679ee1b28e0c

    SHA256

    134a1597625c8b79243ef4aa4d09efa737cf72a11fc64021d118f8af9882ac09

    SHA512

    de6b3460362d2b33a039879665b1b7c41ebbd391f89f2c390ce96f80c6a99d5b1f8fa3d978a957215906513d1b1398339cd3e740adb5f6f4e29977abe674fe8e