4a9625451d54820551fc1aef8919994591ba6bcea0ba35eb69af8203c95658a5

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
Size

2.7MB
MD5

0820873b163e8de3563dff787e1b2dc0
SHA1

2fe935f48312944cfe95abcb6e16f84671f10297
SHA256

4a9625451d54820551fc1aef8919994591ba6bcea0ba35eb69af8203c95658a5
SHA512

8d2f81586b83cd205107963811dd330b9bcd1f768ac2425fec1ca41ee06ae8f9157586d11d4ffa198ea43cd29547ddd7369ce869273a283fc181a3cb305c98e3
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4Sx:+R0pI/IQlUoMPdmpSpU4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2900	adobec.exe

Loads dropped DLL 1 IoCs

pid	Process
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesCC\\adobec.exe"	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZYV\\dobxec.exe"	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
2900	adobec.exe
2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2900	2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe	28
PID 2884 wrote to memory of 2900	2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe	28
PID 2884 wrote to memory of 2900	2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe	28
PID 2884 wrote to memory of 2900	2884	0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2884
- C:\FilesCC\adobec.exe
  C:\FilesCC\adobec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LabZYV\dobxec.exe

Filesize
2.7MB

MD5
41eb131735792b7d89ef53cddbf1424d

SHA1
aa2adb1098388325198bd841109bb74769c9ced0

SHA256
27f1bc9fb08c60b5c064e07704262bda006093f703ecbe1e56496d082be908ce

SHA512
8d1cc86e70dcb4d2e20aaeccd14b3b3070f83670d14b1a7dfd140606545ba8022a6635dc22c539a5d90a0a8b47322a04f44578013d4453561147662c486fa609

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
200B

MD5
a7692a2dc8479f41c67960bb7010bd3a

SHA1
3a30d46cbab22e5f3d9cc0144a1fa5c4ca04a13c

SHA256
ad733cfd47e2a2c23d328901ef0c2489c8553d88ba9a17b263e7d5d8e9e0c422

SHA512
fc68bdd393c7787f4454d068978ba43a0b684c7982943df5d1c56557d0f0bc4bd99ccc0756c6ae2160814f740cbf208cb51c8a8e83f324f2d0f8d9945200d08d

Download Submit
\FilesCC\adobec.exe

Filesize
2.7MB

MD5
150e6059582a0844151f1380cdebdb7f

SHA1
db68222894408413e7cf85ffe9d45b07bd6e6221

SHA256
6f3643f1c2fa5663c790039ed38cffde9f9ce6e2628b70075cec7448f8842600

SHA512
96d11f5277cad13d504349385bd6c6ddabefcff71dc0140ff675af594736a8b36cff96770c5e721007c8c9162c2abc2a38833ee129b9103c2fcef401b0e4c0fc

Download Submit