Analysis
- max time kernel: 150s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02-06-2024 03:53
Static task: static1
Behavioral task: behavioral1
- Sample: 31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: 31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe
- Size: 53KB
- MD5: 31ba7c41a617fa7f4f879d9ebf476120
- SHA1: f768026b45efdf31d7414bd48e019a7a226f431c
- SHA256: d78384d543654bafe86cbbe43356fd2f49872b0a8a042398e92d6f72ad87f479
- SHA512: 168785181cad069d28ac10b1e6704d69e50ff92af92b36ee3467fbd7c790cb2115bc592fab3c16e2477125de76cd2072b5b371583d13244cec7d861b42eedfb4
- SSDEEP: 1536:vNcg8r8Q+Xg7Zsf7Kp3StjEMjmLM3ztDJWZsXy4JzxPM0:NXg2fJJjmLM3zRJWZsXy4Jd
Malware Config
Signatures
- Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | zioveg.exe
- Executes dropped EXE (1 IoC)
  pid | Process
  2120 | zioveg.exe
- Loads dropped DLL (2 IoCs)
  pid | Process
  2276 | 31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe
  2276 | 31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\zioveg = "C:\\Users\\Admin\\zioveg.exe" | zioveg.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | Process
  2120 | zioveg.exe (the same entry is reported 64 times)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  2276 | 31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe
  2120 | zioveg.exe
- Suspicious use of WriteProcessMemory (64 IoCs; identical entries collapsed)
  description | pid | Process | procid_target
  PID 2276 wrote to memory of 2120 | 2276 | 31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe | 28 (4 entries)
  PID 2120 wrote to memory of 2276 | 2120 | zioveg.exe | 27 (60 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe (PID: 2276)
  command line: "C:\Users\Admin\AppData\Local\Temp\31ba7c41a617fa7f4f879d9ebf476120_NeikiAnalytics.exe"
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\zioveg.exe (PID: 2120, child of PID 2276)
    command line: "C:\Users\Admin\zioveg.exe"
    - Modifies visibility of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 53KB
- MD5: 779878f46ae5d15ca8cdf7b27eea9c07
- SHA1: 73167fd84c01bf309265a2b21b1c52b0b335f595
- SHA256: 7f19ca6bd12f3e6cdddf503c70bcd002180ad489633f818259258f6ce507c08c
- SHA512: bddc62340ef40845a3664bf01ff19d066930c61e03e6b36218966e04914ada1e01d47f53a75d348939d7bd5f2432aa2c5dc83247fa6d13434147b55cc9fe6a8c