Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 06:45

General

  • Target

    4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    4a653ade7b35d2f04b53452d5aa2bdd0

  • SHA1

    1076f701c7b9bb94c1371f414a36a6afd33a80a6

  • SHA256

    4eda528d1d83386dec0085476a4a921fc4c318b1f261af6790d70a039c266a7e

  • SHA512

    d26d151cc62bcfc737dfff61b59e52428db390ab24d33a8c44e372002232418e838e62ab8cb1d2ea7b44bd6dd95a9c2606bdce9c9250ea4d7a83ed4f50928b8e

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpb4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmo5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Files72\abodec.exe
      C:\Files72\abodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:272

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBOG\bodaec.exe

    Filesize

    4.1MB

    MD5

    daee974300a367d39b1d76c23c61e3ba

    SHA1

    03d82447f1599cd908a06cf5545b9d2d6475cce0

    SHA256

    1eaa2ff217562596c0e2f5218df6a39bd678f7af20e234dda2ebdc8f68d1fadd

    SHA512

    7a2f262d220d5531b5cb64b402c1978d25169a45d37251e1c8cd0f6f07dd98594cfb378e958bf7f2675813e9fcca5165351a892a54823c766ace8aa13c62a4e7

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    200B

    MD5

    a814fdc80bd6ec33d6f34c559799fbbb

    SHA1

    f18c5cab8a07eb18594cad1115a1272bcbb6c546

    SHA256

    cae6aac1f05d01eda421906de91e110a16370023397f2888ba3f45550e19c0b7

    SHA512

    1e32a5fe44f75d79d85a65073affd4731026548f15899aad5311207f490448ae5dc893fab8b2f66ed3d9059706423fc515ef8abc299803cecfa8d48d94725416

  • \Files72\abodec.exe

    Filesize

    4.1MB

    MD5

    6a3481b0a574f1bd853c968840ad4ab3

    SHA1

    2c64f2df5999a6bbb300e70c1309ef3af5e8f254

    SHA256

    739a7f7a42349c82dc01e61fb9a8ec3699c4917cc3c40412f60bc82b6c3cf9b1

    SHA512

    5409fff8a79a37e79529768a8a76d0647cfd9788d962a0be2486a28f08519281bafdc37cfbad319b02d28bb33a8e8d5e7b33fbb10c6bc02bda9b0483cd36af7d