Analysis

max time kernel:  149s
max time network: 118s
platform:         windows7_x64
resource:         win7-20231129-en
resource tags:    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted:        02/06/2024, 06:46
Static task: static1

Behavioral task: behavioral1
  Sample:   4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample:   4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en

(The results on this page are from behavioral1, the win7-20231129-en run listed under platform above.)
General

Target: 4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe
Size:   4.1MB
MD5:    4a7cff2f45f93a211942065626689c60
SHA1:   65641656e56d4f8e67b5cfcfd0c0a132aa45503d
SHA256: a7c277acbfe7f94d457f365d6998fa23965ea5f71bab9c49d4e158293e36d1f0
SHA512: e8489a9565aab5c58ba01d7176f4fbf738f7444d80cd6d5de7d3a1c610bb078d4a861c5287752b945e89be896798c6e303c5f9028afff66a9b11cf10ce9502b0
SSDEEP: 98304:+R0pI/IQlUoMPdmpSpy4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm15n9klRKN41v
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  1704  aoptiloc.exe

Loads dropped DLL (1 IoC)
  pid   Process
  2880  4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
  description: Set value (str)
  ioc:         \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesLR\\aoptiloc.exe"
  Process:     4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe

  description: Set value (str)
  ioc:         \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxTB\\dobxsys.exe"
  Process:     4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe

  Both values are written by the sample itself under the logged-on user's hive (HKU\<SID>, i.e. HKCU), so they fire at that user's next logon, and both use the same value name "Parametr" while pointing at two different dropped binaries in directories created directly under the drive root. Only the Run target, C:\FilesLR\aoptiloc.exe, appears in the process tree below; the RunOnce target, C:\GalaxTB\dobxsys.exe, did not execute during this session.

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  2880  4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe
  1704  aoptiloc.exe
  (the 64 events alternate between these two processes, beginning with two from PID 2880)

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                               procid_target
  PID 2880 wrote to memory of 1704  2880  4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe  28
  (the same event is recorded four times with identical fields)
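The two registry IoCs above are the most reusable part of this report, but the sandbox flattens them into one line each. The following Python is an added example, not part of the sandbox output or of the sample, that parses lines in the report's "Set value (str) <key>\<name> = "<data>" <process>" layout into structured autorun entries, collapses the doubled backslashes in the data field, and triages each target on two questions a responder asks first: does it live outside C:\Windows or Program Files, and did it actually show up in the process tree? The input lines and the process image paths are copied from this page; the trusted-directory list, the AutorunEntry structure and the triage fields are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed input: the two registry IoC lines listed under the
# "Adds Run key to start application" signature of this report, one per line.
REPORT_LINES = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesLR\\aoptiloc.exe" 4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxTB\\dobxsys.exe" 4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe',
]

# Image paths from the report's process tree (also copied from the page).
PROCESS_IMAGES = {
    r"C:\Users\Admin\AppData\Local\Temp\4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe",
    r"C:\FilesLR\aoptiloc.exe",
}

# Assumed allow-list: directories where a legitimate autorun target usually
# lives. Anything else (drive root, %TEMP%, %APPDATA%) deserves a closer look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Matches the sandbox's 'Set value (<type>) <key>\<name> = "<data>" <process>' layout.
# The key group is lazy, so <name> is always the last path component.
LINE_RE = re.compile(
    r'^Set value \((?P<type>\w+)\) '
    r'(?P<key>\\REGISTRY\\\S+?)\\(?P<name>[^\\\s]+) = "(?P<data>.*?)" (?P<process>\S+)$'
)


@dataclass
class AutorunEntry:
    hive: str            # "USER" or "MACHINE"
    sid: Optional[str]   # user SID for HKU keys, None for HKLM
    key: str             # last key component, e.g. "Run" or "RunOnce"
    value_name: str
    target: str          # path with the report's doubled backslashes collapsed
    writer: str          # process that wrote the value


def parse_autorun_lines(lines: Iterable[str]) -> List[AutorunEntry]:
    """Turn the report's flattened 'Set value' IoC lines into structured entries.
    Lines that do not match the layout are skipped rather than guessed at."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("key").split("\\")   # ['', 'REGISTRY', 'USER', SID, 'Software', ...]
        hive = parts[2]
        sid = parts[3] if hive == "USER" and parts[3].startswith("S-1-") else None
        entries.append(AutorunEntry(
            hive=hive,
            sid=sid,
            key=parts[-1],
            value_name=m.group("name"),
            target=m.group("data").replace("\\\\", "\\"),
            writer=m.group("process"),
        ))
    return entries


def triage(entries: Iterable[AutorunEntry], process_images: Iterable[str]) -> List[Dict]:
    """Flag autorun targets outside TRUSTED_DIRS and record whether each
    target is among the images that actually ran in the sandbox session."""
    seen = {p.lower() for p in process_images}
    findings = []
    for e in entries:
        t = e.target.lower()
        trusted = any(t.startswith(d) for d in TRUSTED_DIRS)
        reasons = []
        if not trusted:
            reasons.append(f"{e.key} target outside trusted directories: {e.target}")
        if e.key == "RunOnce":
            # Windows deletes a RunOnce value when it is consumed, so the
            # artifact may be gone from a host by the time it is examined.
            reasons.append("RunOnce value is removed once consumed; collect it before the next logon")
        findings.append({
            "key": e.key,
            "value_name": e.value_name,
            "target": e.target,
            "executed": t in seen,      # did the target appear in the process tree?
            "suspicious": not trusted,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_autorun_lines(REPORT_LINES), PROCESS_IMAGES):
        print(finding)
```

Run as a script it prints one finding per entry: the Run target C:\FilesLR\aoptiloc.exe is flagged and marked as executed, while the RunOnce target C:\GalaxTB\dobxsys.exe is flagged but never ran, which matches the process tree in this report. Because the allow-list is a plain prefix check, a legitimate installer that writes a Run value under Program Files is left alone, while anything placed under the drive root or a user profile is surfaced for review.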
Processes

C:\Users\Admin\AppData\Local\Temp\4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe"
  PID: 2880
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

    C:\FilesLR\aoptiloc.exe  (child of PID 2880)
      command line: C:\FilesLR\aoptiloc.exe
      PID: 1704
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

1. Filesize: 4.1MB
   MD5:    465e6d58a09c4dbf2e9827be080e3a71
   SHA1:   bb002dda1fcfab4b585690a4ed10de37be35b712
   SHA256: 9abf78a7f7bb96af2fe6a3712de44e18ba98accab5216058025da888e40ccf17
   SHA512: 7a9bc8761b23b39cf235c08dde6715bdc3c046464068a796939d30c9ff2c80ef4024c9fe82ca759b9960bd04b766f6ce90170612204af15ba0396f3600f4b725

2. Filesize: 201B
   MD5:    592599b51f5e413be2f4d54f2d338f73
   SHA1:   66a16ebb1794a3fe63342fa1434ed2b1d6c64bed
   SHA256: 9e649333cdd5c2c58b1d41e67d009d9b34ad6206c7fcd33b7ac4cfd043722887
   SHA512: 3e2f3405e8f3250c1cd505336a6bdf721b98336028bcbf51fed2561a04a5c3b48e924610640fed85f2a62f1c89834287c06925cf29d0bd3831751b7a0ad1a4ba

3. Filesize: 4.1MB
   MD5:    20eb1ec590258cdf17dd73d50de667be
   SHA1:   9bef0e818390bc0b8c58811c3ec060cb4c066f35
   SHA256: d605f1f3c0f397095e3896b5ff641a49fc3ccb3bcc83664f700ae9f2654616b2
   SHA512: 3de935e3942d40e2a1cf2f7353e59c2e62cf3b09c78ca7d37d5b5bb3b118dca3a3c6ccac9d9917db7702e8ac2fd3565626d26953c7673e5612ee3fcaa8e17a4b

None of the three artifacts shares a hash with the submitted sample (MD5 4a7cff2f45f93a211942065626689c60), so the two 4.1MB files are not byte-identical copies of it even though they match its size. The report does not give the artifacts' on-disk paths, so they cannot be tied to C:\FilesLR\aoptiloc.exe or C:\GalaxTB\dobxsys.exe from this page alone.