Analysis

  • max time kernel: 149s
  • max time network: 101s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 02-06-2024 02:40

General

  • Target: 274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe
  • Size: 2.7MB
  • MD5: 274a0a2243787c7ac5b445f7d450b030
  • SHA1: 97589714fc390f171c2326c49ea6ed7066d524b7
  • SHA256: f5fca9761db6ff647a62340d99501d1a6e52342c4b6079687a0929ddc63a02da
  • SHA512: 48026d385c0b846c7e5b262f40f7879eeb8bf703a80fc806adc137b7c88ba22f267f48b9c950d95743f298e8221db297e8bdc805d1e0687850414e5368133ddb
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4Sx:+R0pI/IQlUoMPdmpSpE4

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe (PID 3532, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\FilesBQ\devoptiec.exe (PID 3620, depth 2, child of PID 3532)
      Command line: C:\FilesBQ\devoptiec.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\FilesBQ\devoptiec.exe
    Filesize: 2.7MB
    MD5: b60fb3f1a45d372567d5afd8c6c49ac8
    SHA1: 2ef2cac37390f097bf918277ffb584343da30483
    SHA256: e86269ec827bf3241b363d203c6f5a19eb90eb55e01befad1383b8d1a06390ad
    SHA512: f92b8a2a232701758e959a9b03cb65c2af6fe8967ad127233032ba1fe950d1cd7506fc924de3656948340fa828ac22c3f811f6bd86d8b350ea69ada1ca1847c0

  • C:\KaVB28\optidevloc.exe
    Filesize: 707KB
    MD5: 33a705ebcb4d5d8c1d0ab585fe27e92e
    SHA1: ea3dc00197e78e1cad165f5c9c0aca192cadb327
    SHA256: 2db2008c3ddcf4936c22f41298b1541a0de4fd489d1f0edeade94833c4e3a9ee
    SHA512: 8e21a1d36fb100d3707db7f8fc7a0a043538d2f1c2538344d07babb945afac9f0cbf1f749111f25bdac27fc44dda8c7d36ad1ac363160b48a92d9d49cbef6e23

  • C:\KaVB28\optidevloc.exe
    Filesize: 2.7MB
    MD5: 559f096f514ca5853c2235176788d03b
    SHA1: 215fe7fce7cb39474b9759c431589eb61754c3fb
    SHA256: ae05682cea0b394cf653ff3573d4e2f879c25de5fd473e26c2c7b66e9abf4baa
    SHA512: 923ed95e48405669c82bf9d051676362918c8ef018a6e226e2d6263ade34269786ece18634506765f1d68fe7633ff0289ed8bb1420a4addc3adc055589e2f910

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 205B
    MD5: 568122d9df51187e59dd9d9159f60f8c
    SHA1: 606927d50b9fd84aefc05fcf8e85c52a0fe53c59
    SHA256: 272e407da9f8aa163eaa83112d860d2580592fdeb1c8aa6ef066e4b6f6c812e3
    SHA512: c4f1190425730307ad29c1061aff71ea0a9806835aef10c28054b55a5f847f0ae67f7f777cb0da882be1554a8cbc238a2ea612a0fb2bd239c3ae71dd232f7379