Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 06:45

General

  • Target

    4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    4a653ade7b35d2f04b53452d5aa2bdd0

  • SHA1

    1076f701c7b9bb94c1371f414a36a6afd33a80a6

  • SHA256

    4eda528d1d83386dec0085476a4a921fc4c318b1f261af6790d70a039c266a7e

  • SHA512

    d26d151cc62bcfc737dfff61b59e52428db390ab24d33a8c44e372002232418e838e62ab8cb1d2ea7b44bd6dd95a9c2606bdce9c9250ea4d7a83ed4f50928b8e

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpb4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmo5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4a653ade7b35d2f04b53452d5aa2bdd0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\FilesO6\abodloc.exe
      C:\FilesO6\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4168

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesO6\abodloc.exe

    Filesize

    4.1MB

    MD5

    f22ae3de747bd2233c5fb2806a5ca11d

    SHA1

    77a6761027668f7558695aa9e8830d95927fe58e

    SHA256

    e6dfecd124361f55e54f461676d697d606a3ba68972574b0b590d4a5619c4d8e

    SHA512

    ce447b1d7bd62898864a4e0f374e0ac6c0baa5e85a5e1e4005f3d1eaceb9e870057c1ce242e60a6b32dea6b80d896b5f89e7e6363b27915f9d4c0fd4d18dede7

  • C:\MintLD\dobdevloc.exe

    Filesize

    4.1MB

    MD5

    41bd27423f83f4eb59bfeef3f8e7b849

    SHA1

    c32d1f1421abaa30a42667ffebab912f75780cdc

    SHA256

    bed95e18bb0ed39da8d74c12ea0d10ecbd9a03c9c3e84e63d09f8759dd629533

    SHA512

    f9715f19434a632dfe21ba10189f0ff5cf409f2b170f39f87949c1b18b691a464c150d950d49d45850b37709b1953b2198d102ae5a9d926ae46366d43d54273d

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    706f081dc65c61dc1101304ab78bb0f9

    SHA1

    cd73f7f0b5e6814c154fed6522cfbdea39a6c2e9

    SHA256

    e312822ab2f0ecf405d173259c66f65606cf35503aedc79ed93d9216a22d9f9b

    SHA512

    664fd9aa4268bfcc4c7c03fcffaf576a8cc96f30c2963ccaac643986fa0158223e5a816bc2a776228b0858c16dbda73c8d0a50c4f8efaa867e5226f022e43ea1
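The report gives a usable host-side hunt: three dropped files with full hashes, and two directories (C:\FilesO6 and C:\MintLD) that a clean Windows 10 install does not have, plus a Run-key persistence signature whose value names the page does not list. The script below is an added example, not part of the sandbox report; the paths and SHA256 values are copied from the Downloads section above, the Run-key location is the standard HKCU/HKLM CurrentVersion\Run path, and the hypothetical helper names (check_dropped_files, is_suspect_run_value) are my own. It reports a file at an IOC path even when the hash differs, since a rebuilt sample keeps the path but not the hash, and it flags any Run value whose executable lives under either dropped directory regardless of the file name.

```python
"""Hunt for this report's dropped files and Run-key persistence on a host.
Added example; IOC paths/hashes come from the report, helper names are mine.
"""
import hashlib
import sys
from pathlib import Path, PureWindowsPath

# Dropped-file IOCs copied from the report: path -> SHA256.
DROPPED_FILES = {
    r"C:\FilesO6\abodloc.exe":
        "e6dfecd124361f55e54f461676d697d606a3ba68972574b0b590d4a5619c4d8e",
    r"C:\MintLD\dobdevloc.exe":
        "bed95e18bb0ed39da8d74c12ea0d10ecbd9a03c9c3e84e63d09f8759dd629533",
    r"C:\Users\Admin\253086396416_10.0_Admin.ini":
        "e312822ab2f0ecf405d173259c66f65606cf35503aedc79ed93d9216a22d9f9b",
}
# Directories the sample creates. A Run value launching anything from here is
# suspect even if the binary name differs from the one in this report.
SUSPECT_DIRS = (PureWindowsPath(r"C:\FilesO6"), PureWindowsPath(r"C:\MintLD"))
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_dropped_files(read_file):
    """read_file(path) returns the file's bytes or None if absent.
    Returns one record per IOC; 'present' without 'match' means a file sits
    at the dropped path but its hash differs (possible rebuilt sample)."""
    findings = []
    for path, expected in DROPPED_FILES.items():
        data = read_file(path)
        present = data is not None
        digest = sha256_bytes(data) if present else None
        findings.append({"path": path, "present": present,
                         "sha256": digest, "match": present and digest == expected})
    return findings


def command_target(command: str) -> PureWindowsPath:
    """Extract the executable from a Run-key command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
    else:
        exe = command.split(" ", 1)[0]
    return PureWindowsPath(exe)


def is_suspect_run_value(command: str) -> bool:
    """True if the command's executable lives under a dropped directory.
    PureWindowsPath compares case-insensitively, so c:\\fileso6 matches."""
    target = command_target(command)
    return any(d in target.parents for d in SUSPECT_DIRS)


def read_file_from_disk(path: str):
    try:
        return Path(path).read_bytes()
    except OSError:
        return None


def enumerate_run_values():
    """Yield (hive, value name, command) from HKCU and HKLM Run. Windows only."""
    import winreg  # stdlib, present only on Windows
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER),
                            ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            key = winreg.OpenKey(hive, RUN_KEY)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                yield hive_name, name, str(value)
                i += 1


if __name__ == "__main__":
    for f in check_dropped_files(read_file_from_disk):
        if f["present"]:
            print(("MATCH " if f["match"] else "PRESENT (hash differs) ") + f["path"])
    if sys.platform == "win32":
        for hive, name, cmd in enumerate_run_values():
            if is_suspect_run_value(cmd):
                print(f"SUSPECT Run value {hive}\\...\\Run\\{name} = {cmd}")
```

Run it as the user whose profile was infected (the .ini sits under the user's profile) and elevated if you want HKLM; a hit on the directory check with a non-matching hash is still worth collecting the file for hashing against the report.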