5fb062ee37a9fb3d7456f3bee8bbc0b2101b477a0a1df92506c62e98c87fb229

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
Size

2.7MB
MD5

1034f9b64ef28b48f693520d4fa1b440
SHA1

a2ec4916f45de16727b7acbf97efbd249234bf41
SHA256

5fb062ee37a9fb3d7456f3bee8bbc0b2101b477a0a1df92506c62e98c87fb229
SHA512

fad3ad1710d558fa8d5ff8fda4734c9f491a1fe85fe24b9ff7fc976a5de48ec25e27ee42c69d1ec64db1618dd657d5e3ab655a03eb36cdcf347beab54631c4e0
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBp9w4Sx:+R0pI/IQlUoMPdmpSpN4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2360	aoptiec.exe

Loads dropped DLL 1 IoCs

pid	Process
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Adobe2V\\aoptiec.exe"	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZG0\\optiasys.exe"	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin$ 88)<)$7)516\$1+:7;7.<$16,7?;$<):<�-6=$:7\:)5;$<):<=8$ecxbod.exe	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
File created	C:\Users\Admin$ 88)<)$7)516\$1+:7;7.<$16,7?;$<):<�-6=$:7\:)5;$<):<=8$ecxbod.exe	aoptiec.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
2360	aoptiec.exe
2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2360	2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe	28
PID 2400 wrote to memory of 2360	2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe	28
PID 2400 wrote to memory of 2360	2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe	28
PID 2400 wrote to memory of 2360	2400	1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1034f9b64ef28b48f693520d4fa1b440_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Adobe2V\aoptiec.exe
  C:\Adobe2V\aoptiec.exe
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LabZG0\optiasys.exe

Filesize
2.7MB

MD5
982adced385247fe1b59f23ac0c1cd8f

SHA1
907a808f478717bfe52cc1f123944013d38d23c7

SHA256
c834950040d270b963d63398d7b88a8d2388b8295394c215eca3bbc66d8047a4

SHA512
6f6dd3d06bbdcb51dd3082ad0c670a27e88e1ca4ecc3de487f4650dcc52e547bcf979b0361c12124008486ed3c07ded739ef2c2de4f06ecab1f7b0d24cf5799b

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
200B

MD5
0fe2754af3eebb4ba0cdcc15125d9f22

SHA1
d3f644c4b9918771e27ec4940f5a4c22b5b3aeae

SHA256
89c9b7b6503cfa82b937d7cd3f0bcf0fb3c6c660eaa88365951dc38069982272

SHA512
b2fd84aa6117484d22515fa6f77d286e282bd93e12713e1f8d58349a35c914aa1bf3ecaa2292c81707d867f60de1673d33697417271288da4d3dc909f00227f5

Download Submit
\Adobe2V\aoptiec.exe

Filesize
2.7MB

MD5
cbc6b07cb0327b4117668dfdd788cfeb

SHA1
bd84761551ef7cd5175dbac32bea88fc02c8ecfb

SHA256
fc4b40f02f038cdecd916aa210d2525e7029740c76ce8f493bba0838b5666545

SHA512
9986d9dd70a6c336409dea451419c538f872a51a10daeb43bd9b9437e9d7c12bf73b8afee679f65b22bbe26c08da9821a1081b5de8f63206a7d27e610c68495e

Download Submit