Analysis

  • max time kernel: 149s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240215-en
  • resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted: 02/06/2024, 01:36

General

  • Target: 1d604908f917403385d726c694a8b040_NeikiAnalytics.exe
  • Size: 2.6MB
  • MD5: 1d604908f917403385d726c694a8b040
  • SHA1: 9c5a6de198728ed1659409e19ffa2bfab9c7e438
  • SHA256: 0dbeefd31c074d4961a8aee9bee33e3543174598a770561d0e23f6d62bd2deca
  • SHA512: 142af2de8fc29bdeb5b5bf05c1848495e8c4fc0d391e0c7923159c20f3c2db95e06c773371bbe09330ffbeea6d8058560db6f609bb950f27519cf3ff351d34db
  • SSDEEP: 49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBFB/bS:sxX7QnxrloE5dpUpWb

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d604908f917403385d726c694a8b040_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1d604908f917403385d726c694a8b040_NeikiAnalytics.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysabod.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysabod.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2632
    • C:\SysDrv5C\abodec.exe
      C:\SysDrv5C\abodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2504

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\LabZCR\optiaec.exe
          Filesize: 2.6MB
          MD5: 190202bf4b592dd24148ef6979a349d5
          SHA1: 399089da2bd41a06c354d2263f4721faa6be8693
          SHA256: d5703adc068a43ba8f91fbf3feda4b9b4ef2ae5c74fc472a29a0ad9dd98b6983
          SHA512: 21dd90fd902f67505d20a4d4fc9075ae7bac4f6573706d5b8e62235da43f738a46390bb7d04074b2c4f2e965dfcaf697487bd7a9a0e5eb4a59e71bf8554efa16

        • C:\SysDrv5C\abodec.exe
          Filesize: 2.6MB
          MD5: 9a0c3c9155f77810721e7d9080fe42ee
          SHA1: a54131a774ed32aa2ceb2e4f9338347e903bf3f6
          SHA256: 991e7c03746cdca059658246c5b3f1a105b6a5852bf7b1c2321a3bdf2c263a49
          SHA512: 83d803a7150fd8bed8bd6755260a73a3880dd9b582e6b3b52c80d454400f6c3dbf72d1926ba40337a7a327bf8071d6b3fa285b14b2aeda69356ae2e927c53465

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize: 168B
          MD5: 05192d27c4dbd0edd026e25c5a3590e7
          SHA1: 4cc0e2ef0a6e7b190007ad3d8f15fe09043ab970
          SHA256: a631ad3275f01487ebc72e920846b12d38bbd580458807c5cc2fc01999c9abf0
          SHA512: 759441844b753e6a8c636eb042ad0661c9bf418737ad12a6d3ffe28b33159110d53a0e3a3e20064740aacd23de418bffc4e69ce4739be86e81fe6517006ccbce

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize: 200B
          MD5: fc1d292de70d2ab7dbc0cc5f481b3706
          SHA1: 7eb1d235531ba3b8ca3983ef00d600e459a669c1
          SHA256: a6f43a7eb127b3a2548e241ae2da2bc323f9b969b0bf2b3c8a4b592312a1aa83
          SHA512: e549c7cd0db6dddc1d889172b41d21d64cab34c2f8a322e96c2b2b5dd2b3730287d05e14929fb11ee4c47e4b3c715ee4ba2d7e8adb636785e6a3885ab601d4e0

        • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysabod.exe
          Filesize: 2.6MB
          MD5: 086fce2867006ea3eb6f72ad4757e9f6
          SHA1: 05660b2d1beeaa1d257785de087376590d21d960
          SHA256: c390c581550cdecc196da925e25a512310341119a5da5a9cae989967a0991616
          SHA512: fd726d891b0f9a90c502f385ab32c242d512b34daa53d334a3c070f0c3099055aeaaeaabe5b8d184b8ded4accfd1d2d6f46b3990c4016812bd1743b0b78a42ac