Overview

overview

7

Static

static

3

0820873b16...cs.exe

windows7-x64

7

0820873b16...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 21:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    0820873b163e8de3563dff787e1b2dc0

  • SHA1

    2fe935f48312944cfe95abcb6e16f84671f10297

  • SHA256

    4a9625451d54820551fc1aef8919994591ba6bcea0ba35eb69af8203c95658a5

  • SHA512

    8d2f81586b83cd205107963811dd330b9bcd1f768ac2425fec1ca41ee06ae8f9157586d11d4ffa198ea43cd29547ddd7369ce869273a283fc181a3cb305c98e3

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4Sx:+R0pI/IQlUoMPdmpSpU4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0820873b163e8de3563dff787e1b2dc0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\UserDot8V\abodec.exe
      C:\UserDot8V\abodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2144

Network

  • flag-us
    DNS
    240.197.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.197.17.2.in-addr.arpa
    IN PTR
    Response
    240.197.17.2.in-addr.arpa
    IN PTR
    a2-17-197-240deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    76.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    240.197.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    240.197.17.2.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    76.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    76.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintST\dobasys.exe
    Filesize

    2.7MB

    MD5

    fa0eb3c40cd45da220414c589a2aaca0

    SHA1

    377e49b473f297e69b679865dd571531dd572ff0

    SHA256

    34a2f0e61fb1f70ce50343bdf273ec1897b32f6563ad4f3440929379f2d11d45

    SHA512

    dc8c056cf530d4e3872efe2cd8a0fb0e7d4a1a0ad3cad1f7e7f0de4f9602ac590d13b85672ebdd0e8feb00ed06607b168c99e24f80d8577de8b7eb43edc6db3f

    Download Submit

  • C:\UserDot8V\abodec.exe
    Filesize

    2.7MB

    MD5

    3bd9f6a87c61afda971c5d16ba895fa3

    SHA1

    370b638ecc9ed527bd680a3015052330a7c2a971

    SHA256

    69907e14224c95371a3aaba4e6992b41f51068ca87e793a9fe71ce4bdf1818b2

    SHA512

    89e8c2fee1bc495e7e9a10ea3b0b14485a86feb3f7894db869cfb5957a563c66e26f58c3ea1b28d95666dd8e99c3c29dee3d669de4ce2eaaed58dff9c5f536fd

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    202B

    MD5

    a3d0049eaee440e23eb449ea0192623b

    SHA1

    b8a021c011e6c5d214d82e8cd08d2fee02bea4cc

    SHA256

    485fb5436da5c413369241717d03952ee6083eec7bffc769f0afcdd3c072ad4c

    SHA512

    d0e51f1564df7cfe40dc6bd8bc8862a6b8d32465f2d9a0c9fe653e4ccaaf1940e48cd7100c317a0d2cdeed72bff80f0e6b75d91e0c016d3e8516cbb1605b9459

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.