Analysis
max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
02/06/2024, 06:45
Static task
static1
Behavioral task
behavioral1
Sample
4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
Target
4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
Size
4.1MB
MD5
4a653ade7b35d2f04b53452d5aa2bdd0
SHA1
1076f701c7b9bb94c1371f414a36a6afd33a80a6
SHA256
4eda528d1d83386dec0085476a4a921fc4c318b1f261af6790d70a039c266a7e
SHA512
d26d151cc62bcfc737dfff61b59e52428db390ab24d33a8c44e372002232418e838e62ab8cb1d2ea7b44bd6dd95a9c2606bdce9c9250ea4d7a83ed4f50928b8e
SSDEEP
98304:+R0pI/IQlUoMPdmpSpb4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmo5n9klRKN41v
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
272 abodec.exe
Loads dropped DLL 1 IoCs
pid Process
2944 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBOG\\bodaec.exe" 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Files72\\abodec.exe" 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
2944 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
272 abodec.exe
(64 hits in total, all attributed to these two processes)
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2944 wrote to memory of 272 2944 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe 28
(the same entry is recorded 4 times)
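The signatures above are what a responder actually works from: two autorun values (Run and RunOnce) written by the sample, and a dropped executable that the sample then starts. As an added example (not part of this sandbox report or its vendor's tooling), the Python below parses the persistence IoC line and one of the Downloads hash blocks exactly as the report flattens them, then classifies each autorun image path by where it lives on disk. The directory heuristics, the verdict labels and the `triage` wrapper are assumptions of this example; the sample input is copied from the report.

```python
"""Turn the flattened IoC lines of a sandbox report into checkable indicators.

Added example; the sandbox's own parser is not shown on the page.
Directory heuristics and verdict labels below are this example's assumptions.
"""
import re
from dataclasses import dataclass

# --- constructed input: copied verbatim from the report above -----------------
RUNKEY_LINE = (
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000'
    r'\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBOG\\bodaec.exe" '
    r'4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe '
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000'
    r'\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Files72\\abodec.exe" '
    r'4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe'
)
# One Downloads entry as extracted, with each hash label fused to its value.
HASH_BLOCK = """\
Filesize
200B
MD5a814fdc80bd6ec33d6f34c559799fbbb
SHA1f18c5cab8a07eb18594cad1115a1272bcbb6c546
SHA256cae6aac1f05d01eda421906de91e110a16370023397f2888ba3f45550e19c0b7
SHA5121e32a5fe44f75d79d85a65073affd4731026548f15899aad5311207f490448ae5dc893fab8b2f66ed3d9059706423fc515ef8abc299803cecfa8d48d94725416
"""

# "Set value (<type>) <key>\<name> = "<data>" <writing process>", repeated per IoC.
RUNKEY_RE = re.compile(
    r'Set value \((?P<vtype>\w+)\) '
    r'(?P<key>\\REGISTRY\\\S+?)\\(?P<name>[^\\\s]+) = '
    r'"(?P<data>[^"]*)" '
    r'(?P<process>\S+)'
)


@dataclass(frozen=True)
class AutorunEntry:
    key_path: str      # full key path as the sandbox logged it
    value_name: str
    image_path: str    # value data with the sandbox's doubled backslashes collapsed
    process: str       # process that wrote the value

    @property
    def key_kind(self) -> str:          # "Run" or "RunOnce"
        return self.key_path.rsplit('\\', 1)[-1]

    @property
    def sid(self) -> str:               # owner of the HKU hive that was written
        m = re.search(r'S-1-5-21-[\d-]+', self.key_path)
        return m.group(0) if m else ''


def parse_runkey_iocs(line: str) -> list:
    return [
        AutorunEntry(m['key'], m['name'], m['data'].replace('\\\\', '\\'), m['process'])
        for m in RUNKEY_RE.finditer(line)
    ]


# Assumed heuristics: a file sitting in a directory created directly under the
# drive root (C:\<dir>\<file>) is the drop pattern seen in this report.
ROOT_DROP_DIR = re.compile(r'^[a-z]:\\[^\\]+\\[^\\]+$')
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\', '\\programdata\\')
TRUSTED = ('c:\\program files\\', 'c:\\program files (x86)\\', 'c:\\windows\\')


def classify_autorun(image_path: str) -> str:
    # Bare path only; a value carrying arguments would need shlex-style splitting first.
    p = image_path.strip('"').lower()
    if ROOT_DROP_DIR.match(p):
        return 'root-level-drop-dir'
    if any(marker in p for marker in USER_WRITABLE):   # checked before TRUSTED: C:\Windows\Temp
        return 'user-writable'
    if p.startswith(TRUSTED):
        return 'trusted-location'
    return 'other'


HASH_LEN = {'MD5': 32, 'SHA1': 40, 'SHA256': 64, 'SHA512': 128}
HASH_LINE = re.compile(r'^(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)$')


def parse_hash_block(block: str) -> dict:
    """Accepts both 'MD5 <hex>' and the fused 'MD5<hex>'; rejects truncated digests."""
    out, lines = {}, [l.strip() for l in block.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if line == 'Filesize' and i + 1 < len(lines):
            out['filesize'] = lines[i + 1]
            continue
        m = HASH_LINE.match(line)
        if not m:
            continue
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f'{algo}: {len(digest)} hex chars, expected {HASH_LEN[algo]}')
        out[algo.lower()] = digest
    return out


def triage(runkey_line: str = RUNKEY_LINE, hash_block: str = HASH_BLOCK):
    entries = parse_runkey_iocs(runkey_line)
    verdicts = {(e.key_kind, e.image_path): classify_autorun(e.image_path) for e in entries}
    return entries, verdicts, parse_hash_block(hash_block)


if __name__ == '__main__':
    for e, v in zip(*triage()[:2]):
        print(f'{e.key_kind:8} {e.sid} {e.value_name} -> {e.image_path}  [{v[1]}]')
```

Both values point at a freshly created directory directly under `C:\`, which the heuristic flags. Note that the RunOnce value names `C:\KaVBOG\bodaec.exe` while the process tree shows only `C:\Files72\abodec.exe` running; RunOnce entries are deleted when consumed at the next logon, so a host triage should check both paths and both keys before that happens.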
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
command line: "C:\Users\Admin\AppData\Local\Temp\4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe"
tree depth 1
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2944 -
C:\Files72\abodec.exe
command line: C:\Files72\abodec.exe
tree depth 2 (child of PID 2944)
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:272
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
4.1MB
MD5
daee974300a367d39b1d76c23c61e3ba
SHA1
03d82447f1599cd908a06cf5545b9d2d6475cce0
SHA256
1eaa2ff217562596c0e2f5218df6a39bd678f7af20e234dda2ebdc8f68d1fadd
SHA512
7a2f262d220d5531b5cb64b402c1978d25169a45d37251e1c8cd0f6f07dd98594cfb378e958bf7f2675813e9fcca5165351a892a54823c766ace8aa13c62a4e7
-
Filesize
200B
MD5
a814fdc80bd6ec33d6f34c559799fbbb
SHA1
f18c5cab8a07eb18594cad1115a1272bcbb6c546
SHA256
cae6aac1f05d01eda421906de91e110a16370023397f2888ba3f45550e19c0b7
SHA512
1e32a5fe44f75d79d85a65073affd4731026548f15899aad5311207f490448ae5dc893fab8b2f66ed3d9059706423fc515ef8abc299803cecfa8d48d94725416
-
Filesize
4.1MB
MD5
6a3481b0a574f1bd853c968840ad4ab3
SHA1
2c64f2df5999a6bbb300e70c1309ef3af5e8f254
SHA256
739a7f7a42349c82dc01e61fb9a8ec3699c4917cc3c40412f60bc82b6c3cf9b1
SHA512
5409fff8a79a37e79529768a8a76d0647cfd9788d962a0be2486a28f08519281bafdc37cfbad319b02d28bb33a8e8d5e7b33fbb10c6bc02bda9b0483cd36af7d