Analysis
max time kernel: 149s
max time network: 101s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-06-2024 02:40
Static task: static1
Behavioral task: behavioral1
  Sample: 274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe
Size: 2.7MB
MD5: 274a0a2243787c7ac5b445f7d450b030
SHA1: 97589714fc390f171c2326c49ea6ed7066d524b7
SHA256: f5fca9761db6ff647a62340d99501d1a6e52342c4b6079687a0929ddc63a02da
SHA512: 48026d385c0b846c7e5b262f40f7879eeb8bf703a80fc806adc137b7c88ba22f267f48b9c950d95743f298e8221db297e8bdc805d1e0687850414e5368133ddb
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4Sx:+R0pI/IQlUoMPdmpSpE4
Malware Config
Signatures

Executes dropped EXE (1 IoC)
pid   Process
3620  devoptiec.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
description      ioc                                                                                                                        Process
Set value (str)  \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesBQ\\devoptiec.exe"        274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB28\\optidevloc.exe"   274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
All 64 entries are repeated occurrences of the following two pid/Process pairs:
pid   Process
3532  274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe
3620  devoptiec.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process                                               procid_target
PID 3532 wrote to memory of 3620  3532  274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe  88
PID 3532 wrote to memory of 3620  3532  274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe  88
PID 3532 wrote to memory of 3620  3532  274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe  88
Processes

1. C:\Users\Admin\AppData\Local\Temp\274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\274a0a2243787c7ac5b445f7d450b030_NeikiAnalytics.exe"
   PID: 3532
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory

   2. C:\FilesBQ\devoptiec.exe (child of PID 3532)
      Command line: C:\FilesBQ\devoptiec.exe
      PID: 3620
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads