Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 06:45
Static task: static1
Behavioral task: behavioral1
  Sample: 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
Size: 4.1MB
MD5: 4a653ade7b35d2f04b53452d5aa2bdd0
SHA1: 1076f701c7b9bb94c1371f414a36a6afd33a80a6
SHA256: 4eda528d1d83386dec0085476a4a921fc4c318b1f261af6790d70a039c266a7e
SHA512: d26d151cc62bcfc737dfff61b59e52428db390ab24d33a8c44e372002232418e838e62ab8cb1d2ea7b44bd6dd95a9c2606bdce9c9250ea4d7a83ed4f50928b8e
SSDEEP: 98304:+R0pI/IQlUoMPdmpSpb4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmo5n9klRKN41v
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  PID   Process
  4168  abodloc.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str) by 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe:
    \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesO6\\abodloc.exe"
  Set value (str) by 4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe:
    \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintLD\\dobdevloc.exe"
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  PID   Process
  1468  4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
  4168  abodloc.exe
  (64 events in total, all attributed to these two processes)
Suspicious use of WriteProcessMemory (3 IoCs)
  Description                        PID   Process                                               procid_target
  PID 1468 wrote to memory of 4168   1468  4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe   90
  (the same event is recorded 3 times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe (PID 1468)
   Command line: "C:\Users\Admin\AppData\Local\Temp\4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe"
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   2. C:\FilesO6\abodloc.exe (PID 4168), child of PID 1468
      Command line: C:\FilesO6\abodloc.exe
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 4.1MB
MD5: f22ae3de747bd2233c5fb2806a5ca11d
SHA1: 77a6761027668f7558695aa9e8830d95927fe58e
SHA256: e6dfecd124361f55e54f461676d697d606a3ba68972574b0b590d4a5619c4d8e
SHA512: ce447b1d7bd62898864a4e0f374e0ac6c0baa5e85a5e1e4005f3d1eaceb9e870057c1ce242e60a6b32dea6b80d896b5f89e7e6363b27915f9d4c0fd4d18dede7

Filesize: 4.1MB
MD5: 41bd27423f83f4eb59bfeef3f8e7b849
SHA1: c32d1f1421abaa30a42667ffebab912f75780cdc
SHA256: bed95e18bb0ed39da8d74c12ea0d10ecbd9a03c9c3e84e63d09f8759dd629533
SHA512: f9715f19434a632dfe21ba10189f0ff5cf409f2b170f39f87949c1b18b691a464c150d950d49d45850b37709b1953b2198d102ae5a9d926ae46366d43d54273d

Filesize: 201B
MD5: 706f081dc65c61dc1101304ab78bb0f9
SHA1: cd73f7f0b5e6814c154fed6522cfbdea39a6c2e9
SHA256: e312822ab2f0ecf405d173259c66f65606cf35503aedc79ed93d9216a22d9f9b
SHA512: 664fd9aa4268bfcc4c7c03fcffaf576a8cc96f30c2963ccaac643986fa0158223e5a816bc2a776228b0858c16dbda73c8d0a50c4f8efaa867e5226f022e43ea1