Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 01:01

General

  • Target

    187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    187d7125a1557a8d51f8ce5d46e93ec0

  • SHA1

    d5011248c7578c0fca312a740ab33518fb49b588

  • SHA256

    93d9183084538d1eaefa2f0914467c25768b24910c42a7dbd99020898adf0b81

  • SHA512

    311d53c11c58be3ea13e0031d2feef9564ddd9c8fc3c09727c7547813ba582443bf810164a70cc56a019dca3865d292cf78adc02d5127e5fd0da7d25eb8ed924

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBx9w4Sx:+R0pI/IQlUoMPdmpSp54

Score
7/10

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe"
    (process tree depth 1, PID 116)
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\FilesWQ\aoptiec.exe
      C:\FilesWQ\aoptiec.exe
      (process tree depth 2, spawned by PID 116, PID 3776)
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

        Downloads

        • C:\FilesWQ\aoptiec.exe

          Filesize

          2.7MB

          MD5

          684ca3a59a619e42a32e6c2ae33c7bb1

          SHA1

          12441ce9422a231c842f10331ae178d54dcaeb17

          SHA256

          6a8ac606eeb7332c7230544130406ecac67cecbc06cd6b3d122e36e7d20974e1

          SHA512

          9ca94fec2a6ec8c949c8f85151fc60d6b4c5587e499bd817fff3a7c75f5cbd248d8639e6de787707206233961d44685cfe1046d2c0716acd84be4f320ce76611

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          199B

          MD5

          196068cb210e635c44dfa63cb8590f74

          SHA1

          384f7634fd7a3a40800d987f3a1119c21ee92538

          SHA256

          f2a877a40d9c767c07f117d6a326c9278d961ff871a955d407abcb78946e042a

          SHA512

          33b65a30d299f21c71ded076d75d7fc37decff94f18eb5ee4eb6138a2fbaeb773505f915f9790490945b64d3a6994f12ada7193863a0401b8bbdefe2484b10ef

        • C:\VidMP\dobxloc.exe

          Filesize

          2.7MB

          MD5

          314114e52316a1a85265da9c40fbc967

          SHA1

          0b4e102bafb9d477b965becb428f9dd788b12d9a

          SHA256

          9b8ae7bf2c86ca523618243d07ae002e3a246583d1155405b0727086dba96ae6

          SHA512

          3f74eb27d4ac18a890c9765d9b04d03ef8bc0952771a543192a2f001496c7892ea16c4c1b5129d5aa87a9379d24b3fd9df3eb1642e865a8a60dbccbb15dc434e
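A host-side sweep for the artifacts this report lists, added here as a worked example; it is not part of the sandbox report and not code from the sample's authors. The dropped-file paths, the .ini file name and the SHA256 values are copied from the report above. Two things the page does not show are handled as labelled assumptions: the Run-key value name is not given, so the script matches Run-key command lines on the dropped directories and the parent file name instead, and the "Admin" in the .ini name is taken to be the sandbox account name, so that segment is wildcarded across every profile under C:\Users. Files found at a listed path whose hash is not in the report are still flagged, because the parent and both dropped executables are all 2.7MB yet carry three different hashes, so hash matching alone would miss a rebuilt copy. Run it from an elevated PowerShell so HKLM and other users' profiles are readable.

```powershell
# Added IOC sweep for the artifacts in this report (example code, not the report's own).
# Paths and SHA256 values are from the report; items marked "assumption" are not on the page.

$ReportSha256 = @{
    '93d9183084538d1eaefa2f0914467c25768b24910c42a7dbd99020898adf0b81' = 'parent: 187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe'
    '6a8ac606eeb7332c7230544130406ecac67cecbc06cd6b3d122e36e7d20974e1' = 'dropped: C:\FilesWQ\aoptiec.exe'
    '9b8ae7bf2c86ca523618243d07ae002e3a246583d1155405b0727086dba96ae6' = 'dropped: C:\VidMP\dobxloc.exe'
    'f2a877a40d9c767c07f117d6a326c9278d961ff871a955d407abcb78946e042a' = 'dropped: 253086396416_10.0_Admin.ini'
}

# Directories the sample wrote into, plus every user profile for the .ini
# (assumption: "Admin" in the .ini name is the sandbox user, so it is wildcarded below).
$Dirs = @('C:\FilesWQ', 'C:\VidMP')
$Dirs += @(Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue | ForEach-Object FullName)

# Both hives for the "Adds Run key to start application" signature.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Invoke-ReportHunt {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Persistence. The value name is not in the report, so match the command line
    #    against the dropped directories and the parent file name (assumption).
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSChildName provider metadata
            $cmd = "$($p.Value)"
            if ($cmd -match '(?i)\\(FilesWQ|VidMP)\\|187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics\.exe') {
                $findings.Add([pscustomobject]@{ Kind = 'RunKey'; Where = "$key\$($p.Name)"; What = $cmd })
            }
        }
    }

    # 2. Files. Everything in C:\FilesWQ and C:\VidMP is hashed; in profiles only the
    #    .ini name pattern is checked. A path hit with an unknown hash is still reported,
    #    since all three executables in the report share a size but not a hash.
    foreach ($dir in $Dirs) {
        if ([string]::IsNullOrEmpty($dir) -or -not (Test-Path -LiteralPath $dir)) { continue }
        $isProfile = $dir -like 'C:\Users\*'
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
            Where-Object { (-not $isProfile) -or ($_.Name -like '253086396416_10.0_*.ini') } |
            ForEach-Object {
                $sha = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
                $status = if ($ReportSha256.ContainsKey($sha)) { "SHA256 matches report ($($ReportSha256[$sha]))" }
                          else { 'path matches report, SHA256 not in report' }
                $findings.Add([pscustomobject]@{ Kind = 'File'; Where = $_.FullName; What = "$($_.Length) bytes; $status" })
            }
    }

    # 3. Live processes named after the dropped executables (Get-Process names omit .exe).
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -in @('aoptiec', 'dobxloc') } |
        ForEach-Object {
            $findings.Add([pscustomobject]@{ Kind = 'Process'; Where = "PID $($_.Id)"; What = $_.Path })
        }

    return $findings
}

$result = Invoke-ReportHunt
if ($result.Count -eq 0) { 'No artifacts from the report were found on this host.' }
else { $result | Format-Table -AutoSize }
```

Only HKCU of the account running the script is inspected; to cover other users' Run keys, load their NTUSER.DAT hives or enumerate HKU:\ after mounting it as a drive. The parent sample's own path in the report (C:\Users\Admin\AppData\Local\Temp\...) is where the sandbox placed it, not where it would land on a real host, so the script relies on its SHA256 and file name rather than that path.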