Analysis

  • max time kernel: 149s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 02/06/2024, 06:46

General

  • Target: 4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe
  • Size: 4.1MB
  • MD5: 4a7cff2f45f93a211942065626689c60
  • SHA1: 65641656e56d4f8e67b5cfcfd0c0a132aa45503d
  • SHA256: a7c277acbfe7f94d457f365d6998fa23965ea5f71bab9c49d4e158293e36d1f0
  • SHA512: e8489a9565aab5c58ba01d7176f4fbf738f7444d80cd6d5de7d3a1c610bb078d4a861c5287752b945e89be896798c6e303c5f9028afff66a9b11cf10ce9502b0
  • SSDEEP: 98304:+R0pI/IQlUoMPdmpSpy4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm15n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe (depth 1, PID: 2880)
    Command line: "C:\Users\Admin\AppData\Local\Temp\4a7cff2f45f93a211942065626689c60_NeikiAnalytics.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\FilesLR\aoptiloc.exe (depth 2, PID: 1704)
      Command line: C:\FilesLR\aoptiloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxTB\dobxsys.exe
    Filesize: 4.1MB
    MD5: 465e6d58a09c4dbf2e9827be080e3a71
    SHA1: bb002dda1fcfab4b585690a4ed10de37be35b712
    SHA256: 9abf78a7f7bb96af2fe6a3712de44e18ba98accab5216058025da888e40ccf17
    SHA512: 7a9bc8761b23b39cf235c08dde6715bdc3c046464068a796939d30c9ff2c80ef4024c9fe82ca759b9960bd04b766f6ce90170612204af15ba0396f3600f4b725

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 201B
    MD5: 592599b51f5e413be2f4d54f2d338f73
    SHA1: 66a16ebb1794a3fe63342fa1434ed2b1d6c64bed
    SHA256: 9e649333cdd5c2c58b1d41e67d009d9b34ad6206c7fcd33b7ac4cfd043722887
    SHA512: 3e2f3405e8f3250c1cd505336a6bdf721b98336028bcbf51fed2561a04a5c3b48e924610640fed85f2a62f1c89834287c06925cf29d0bd3831751b7a0ad1a4ba

  • \FilesLR\aoptiloc.exe
    Filesize: 4.1MB
    MD5: 20eb1ec590258cdf17dd73d50de667be
    SHA1: 9bef0e818390bc0b8c58811c3ec060cb4c066f35
    SHA256: d605f1f3c0f397095e3896b5ff641a49fc3ccb3bcc83664f700ae9f2654616b2
    SHA512: 3de935e3942d40e2a1cf2f7353e59c2e62cf3b09c78ca7d37d5b5bb3b118dca3a3c6ccac9d9917db7702e8ac2fd3565626d26953c7673e5612ee3fcaa8e17a4b