Analysis
max time kernel: 149s
max time network: 118s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 01:01
Static task: static1
Behavioral task: behavioral1
  Sample: 187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe
Size: 2.7MB
MD5: 187d7125a1557a8d51f8ce5d46e93ec0
SHA1: d5011248c7578c0fca312a740ab33518fb49b588
SHA256: 93d9183084538d1eaefa2f0914467c25768b24910c42a7dbd99020898adf0b81
SHA512: 311d53c11c58be3ea13e0031d2feef9564ddd9c8fc3c09727c7547813ba582443bf810164a70cc56a019dca3865d292cf78adc02d5127e5fd0da7d25eb8ed924
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBx9w4Sx:+R0pI/IQlUoMPdmpSp54
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  PID 1444  devbodsys.exe
Loads dropped DLL (1 IoC)
  PID 1008  187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str)  \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocZA\\devbodsys.exe"  (process: 187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe)
  Set value (str)  \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxOH\\optidevsys.exe"  (process: 187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe)
  Both values are written by the original sample under the same value name, "Parametr", into the per-user hive (HKCU). The Run target is the dropped executable that was actually launched in this run (devbodsys.exe, PID 1444). The RunOnce target, C:\GalaxOH\optidevsys.exe, is never started within the analysis window, since RunOnce entries only fire at the next logon, so it does not appear in the process tree below; both directories are non-standard, vendor-looking paths directly under C:\.
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  64 events from PID 1008 (187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe) and PID 1444 (devbodsys.exe)
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1008 (187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe) wrote to memory of PID 1444 (devbodsys.exe, procid_target 28); reported four times
  All four writes target the sample's own child at launch, which is consistent with the parent spawning devbodsys.exe (CreateProcess writes the new process's parameters into its address space). On its own this is not evidence of injection into a foreign process.
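The two registry writes above are the persistence mechanism worth a detection. As an added example, not part of the sandbox report and not code from the sample, the following Python flags Run/RunOnce values whose target executable lives outside the directories an autorun entry is normally expected in, or that are written by a process running from a staging directory such as %TEMP%. The events are constructed in the shape of Sysmon Event ID 13 (RegistryEvent: Value Set) records and mirror the two writes listed in this report plus one benign entry; the trusted-root and staging-directory lists are assumed baselines to be tuned per estate.

```python
import re
from typing import Dict, List, Optional

# Matches HKU/HKLM autorun keys in the TargetObject format Sysmon reports.
AUTORUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?P<key>Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Roots from which autorun targets are normally expected (assumed baseline, not from the report).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Locations a dropper typically executes from; autorun writes by such a process are suspicious (assumed).
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "c:\\users\\public\\")


def extract_target(details: str) -> str:
    """Return the executable path from a Run-value payload.

    Accepts quoted paths, paths followed by arguments, and doubled backslashes
    (the escaped form in which the sandbox prints registry data).
    """
    s = details.strip().replace("\\\\", "\\")
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    m = re.match(r".*?\.exe", s, re.IGNORECASE)
    return m.group(0) if m else s.split(" ", 1)[0]


def assess(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Evaluate one Sysmon Event ID 13 record; return a finding or None."""
    if str(event.get("EventID")) != "13":
        return None
    m = AUTORUN_KEY.search(event.get("TargetObject", ""))
    if not m:
        return None
    target = extract_target(event.get("Details", ""))
    writer = event.get("Image", "")
    reasons = []
    if not target.lower().startswith(TRUSTED_ROOTS):
        reasons.append("target outside trusted roots")
    if any(d in writer.lower() for d in STAGING_DIRS):
        reasons.append("set by process running from a staging directory")
    if not reasons:
        return None
    return {
        "key": m.group("key"),
        "name": m.group("name"),
        "target": target,
        "writer": writer,
        "reasons": "; ".join(reasons),
    }


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run assess() over a batch of events and keep the findings."""
    return [f for f in (assess(e) for e in events) if f]


# Constructed sample events (not real telemetry): the two writes this report lists,
# plus a benign per-machine entry set by an installer under Program Files (hypothetical vendor).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {
        "EventID": "13",
        "Image": r"C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe",
        "TargetObject": r"HKU\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr",
        "Details": r"C:\\IntelprocZA\\devbodsys.exe",
    },
    {
        "EventID": "13",
        "Image": r"C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe",
        "TargetObject": r"HKU\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr",
        "Details": r"C:\\GalaxOH\\optidevsys.exe",
    },
    {
        "EventID": "13",
        "Image": r"C:\Program Files\ExampleVendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater",
        "Details": r'"C:\Program Files\ExampleVendor\updater.exe" /background',
    },
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Both sample writes are flagged on two grounds (non-standard target directory, writer running from %TEMP%), while the Program Files entry passes. Sysmon only produces Event ID 13 for keys covered by its configuration, so the Run and RunOnce paths must be included in the `RegistryEvent` section of the deployed config for this logic to see them.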
Processes
Image: C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe"
PID: 1008 (level 1)
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  Image: C:\IntelprocZA\devbodsys.exe
  Command line: C:\IntelprocZA\devbodsys.exe
  PID: 1444 (level 2, child of PID 1008)
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2.7MB
  MD5: f84d2021b356535f6c475c8935ac2344
  SHA1: c2614160139f7bfb92586b04c491539eff04f91b
  SHA256: 535ec41a53b90d2b02ac47e95f31048f687b41ac6eeaac6ef2175baf1c4a1045
  SHA512: 797ddf04a7c3d7e4d20c69114e6ae190cbd358f5a8caa8c0f1052d99cd890150d890f828a58c08156513819a96b74839aa8ad1f1d99fd33d4e314c36230dc0a9
- Filesize: 211B
  MD5: 6efc207ecbcf710553722d950c771e84
  SHA1: bffd4a20bed594bc04568e6d5d86c45c5788b4cb
  SHA256: fc6a986df83cbb5ab246a11e5660211c89ab2f65f829172d797609e199c15bd2
  SHA512: 14bc0e4c7d1e301149ee1ea28bcdd5055f43522d72087a1ec1975cd2a24adfaac21c5f02711f94fb11eab95888d3ee14781e86f8c01ef43d9e5f4726875ab925
- Filesize: 2.7MB
  MD5: 49312c3df95a490723f83af865f67681
  SHA1: bd83fbc295f7970bbfbc39de84dcf915918eaaaa
  SHA256: bead5a2b2e4e03cb59c524e650edaddf4ee3c2f6a67d29ffbbcc30e6e5d5fe92
  SHA512: 46c2c33e0bcebbc8ee28b82f68767d61c5488b562f881ae87f36104b4e6912d822e4ace5bb709040fba1f99d7e72279fd452f155463858670eb04aa2589e8b32