Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    02/06/2024, 00:52

General

  • Target

    16f33103486a44e3fbc984bb2e24d560_NeikiAnalytics.exe

  • Size

    160KB

  • MD5

    16f33103486a44e3fbc984bb2e24d560

  • SHA1

    b0bebc288b6d5f5fb18f1e1c3b1d0f89449bbd7b

  • SHA256

    99343d229dd14c2bd040955c6984373fa4b8738233cc90e1d3a4ddf378257af7

  • SHA512

    820375e42a684a3c416dbc7310c72fec55e1e08431c8c95ace80554c306eaa6237bb82dc7dc4a40610e05396348c585dfebadd070c543c610dbb865e4d8bf6c1

  • SSDEEP

    3072:fKy5hExmTzwhr1/a84HesWgsIAzRvwa7vUlX1p6SS4uBoA/LVzxISnAOFZDwFU0I:fJ5hEgTzaA+sWgsIORRIlX1p6SSoKVua

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16f33103486a44e3fbc984bb2e24d560_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\16f33103486a44e3fbc984bb2e24d560_NeikiAnalytics.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\yeauya.exe
      "C:\Users\Admin\yeauya.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2520

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\yeauya.exe

          Filesize

          160KB

          MD5

          365cd9d2901502ca75e457ef5160acdd

          SHA1

          daa9fb48a5c76f34e71228eb5450bf02ffe135e9

          SHA256

          77f2c0d9c6beaed7de475b7f1fe0b0bc5ef739de3f10a1ca7e2adb2c266b2cf7

          SHA512

          7c1fb823731769376c69eaafc691356a2107bb3bc680eaa9b67791e5ac905c85142c3c425cbd54b125a383452c180828401cb5e6dc6e512043faddfecd091a28

        • memory/1712-0-0x0000000000400000-0x0000000000430000-memory.dmp

          Filesize

          192KB

        • memory/1712-9-0x0000000003510000-0x0000000003540000-memory.dmp

          Filesize

          192KB

        • memory/1712-15-0x0000000003510000-0x0000000003540000-memory.dmp

          Filesize

          192KB