Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 01:01

General

  • Target

    187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    187d7125a1557a8d51f8ce5d46e93ec0

  • SHA1

    d5011248c7578c0fca312a740ab33518fb49b588

  • SHA256

    93d9183084538d1eaefa2f0914467c25768b24910c42a7dbd99020898adf0b81

  • SHA512

    311d53c11c58be3ea13e0031d2feef9564ddd9c8fc3c09727c7547813ba582443bf810164a70cc56a019dca3865d292cf78adc02d5127e5fd0da7d25eb8ed924

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBx9w4Sx:+R0pI/IQlUoMPdmpSp54

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1008
    • C:\IntelprocZA\devbodsys.exe
      C:\IntelprocZA\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1444

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\GalaxOH\optidevsys.exe

          Filesize

          2.7MB

          MD5

          f84d2021b356535f6c475c8935ac2344

          SHA1

          c2614160139f7bfb92586b04c491539eff04f91b

          SHA256

          535ec41a53b90d2b02ac47e95f31048f687b41ac6eeaac6ef2175baf1c4a1045

          SHA512

          797ddf04a7c3d7e4d20c69114e6ae190cbd358f5a8caa8c0f1052d99cd890150d890f828a58c08156513819a96b74839aa8ad1f1d99fd33d4e314c36230dc0a9

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          211B

          MD5

          6efc207ecbcf710553722d950c771e84

          SHA1

          bffd4a20bed594bc04568e6d5d86c45c5788b4cb

          SHA256

          fc6a986df83cbb5ab246a11e5660211c89ab2f65f829172d797609e199c15bd2

          SHA512

          14bc0e4c7d1e301149ee1ea28bcdd5055f43522d72087a1ec1975cd2a24adfaac21c5f02711f94fb11eab95888d3ee14781e86f8c01ef43d9e5f4726875ab925

        • \IntelprocZA\devbodsys.exe

          Filesize

          2.7MB

          MD5

          49312c3df95a490723f83af865f67681

          SHA1

          bd83fbc295f7970bbfbc39de84dcf915918eaaaa

          SHA256

          bead5a2b2e4e03cb59c524e650edaddf4ee3c2f6a67d29ffbbcc30e6e5d5fe92

          SHA512

          46c2c33e0bcebbc8ee28b82f68767d61c5488b562f881ae87f36104b4e6912d822e4ace5bb709040fba1f99d7e72279fd452f155463858670eb04aa2589e8b32
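The report gives three file hashes plus the dropped paths, and flags a Run key without saying which hive, value name or target the sample wrote. The script below is an added example, not part of the sandbox output, that turns those fields into a host-side check: it matches candidate files by SHA256 (catches the same binary renamed or moved) and by path (catches a different build dropped to the same hard-coded location), and flags Run-key entries whose command references any of the dropped paths. The `.ini` name is assumed to be host-specific (6.1 is the Windows 7 version string and Admin the sandbox user), so it is kept in the table but will not transfer to other hosts as-is. The sample files and registry entries in the `__main__` block are constructed for illustration; the hashes and paths are transcribed from the report.

```python
import hashlib
import os
from typing import Dict, Iterable, List, NamedTuple, Tuple

# SHA256 -> path, transcribed from the sandbox report above. MD5/SHA1 are in
# the report if a legacy feed needs them.
REPORT_IOCS: Dict[str, str] = {
    "93d9183084538d1eaefa2f0914467c25768b24910c42a7dbd99020898adf0b81":
        r"C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe",
    "535ec41a53b90d2b02ac47e95f31048f687b41ac6eeaac6ef2175baf1c4a1045":
        r"C:\GalaxOH\optidevsys.exe",
    "bead5a2b2e4e03cb59c524e650edaddf4ee3c2f6a67d29ffbbcc30e6e5d5fe92":
        r"C:\IntelprocZA\devbodsys.exe",
    # Assumed host-specific: 6.1 is the Windows 7 version, Admin the sandbox
    # user, so this name is expected to differ on other machines.
    "fc6a986df83cbb5ab246a11e5660211c89ab2f65f829172d797609e199c15bd2":
        r"C:\Users\Admin\253086396416_6.1_Admin.ini",
}


class Hit(NamedTuple):
    path: str       # path of the file examined on the host
    reason: str     # "sha256", "path" or "sha256+path"
    ioc_path: str   # path the sandbox recorded for the matching artifact


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_files(files: Dict[str, bytes], iocs: Dict[str, str] = REPORT_IOCS) -> List[Hit]:
    """Match files (path -> contents) against the IoC table.

    A content match catches the same binary renamed or moved; a path match
    (case-insensitive, as NTFS compares) catches a different build dropped
    to the same hard-coded location.
    """
    by_path = {p.lower(): p for p in iocs.values()}
    hits: List[Hit] = []
    for path, data in files.items():
        reasons = []
        ioc_path = None
        digest = sha256_hex(data)
        if digest in iocs:
            reasons.append("sha256")
            ioc_path = iocs[digest]
        if path.lower() in by_path:
            reasons.append("path")
            ioc_path = ioc_path or by_path[path.lower()]
        if reasons:
            hits.append(Hit(path, "+".join(reasons), ioc_path))
    return hits


RunEntry = Tuple[str, str, str]  # (registry key, value name, command line)


def check_run_keys(entries: Iterable[RunEntry], iocs: Dict[str, str] = REPORT_IOCS) -> List[RunEntry]:
    """Flag Run-key values whose command references a known dropped path.

    The report only says a Run key was added, not which hive, value name or
    target, so every entry handed in is checked; collect them from both
    HKLM and HKCU Software\\Microsoft\\Windows\\CurrentVersion\\Run.
    """
    needles = [p.lower() for p in iocs.values()]
    return [(key, name, cmd) for key, name, cmd in entries
            if any(n in cmd.lower() for n in needles)]


def collect_report_paths(iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, bytes]:
    """Read whichever of the report's paths exist on this host (empty off-Windows)."""
    return {p: open(p, "rb").read() for p in iocs.values() if os.path.isfile(p)}


if __name__ == "__main__":
    # Constructed sample data; on a real host use collect_report_paths() and
    # the output of `reg query` for the two Run keys instead.
    files = collect_report_paths() or {
        r"C:\IntelprocZA\devbodsys.exe": b"constructed, not the real dropper",
        r"C:\Windows\notepad.exe": b"benign",
    }
    run_entries = [
        ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "devbodsys",
         r'"C:\IntelprocZA\devbodsys.exe"'),
    ]
    for h in scan_files(files):
        print(f"FILE  {h.reason:12} {h.path}  (report: {h.ioc_path})")
    for key, name, cmd in check_run_keys(run_entries):
        print(f"RUNKEY {key}\\{name} = {cmd}")
```

A path-only hit means the file at the dropper's hard-coded location is a different build from the one the sandbox saw; submit that copy rather than assuming it is the same sample.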