Analysis
max time kernel: 149s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-06-2024 03:13
Static task: static1
Behavioral task: behavioral1
  Sample: 26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe
Size: 2.7MB
MD5: 26074aca6f8bd1188c3a3a5300bfac00
SHA1: aaaf7ceb79d6efce61ba07b0d3b42d74aa1069c1
SHA256: 368f9489dc1f7d1da2dc916e8c8d34aee186cbdfa89e22b7432a7176bf193a0d
SHA512: c2fcf753c02770c7b1c8c97394d1c719cbb08d822b66a1fd0426fa9116ea5281e662b05679b51daf381d8666903f5db5db5969e01d449fcf5ea7d504042f0454
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBa9w4Sx:+R0pI/IQlUoMPdmpSps4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  3676  devdobsys.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description      ioc                                                                                                                                        Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintFM\\optixloc.exe"    26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Adobe7Q\\devdobsys.exe"      26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  736   26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe
  3676  devdobsys.exe
  (64 process-enumeration events were recorded, all attributed to the two processes above; the repeated identical rows are collapsed here.)
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid   Process                                               procid_target
  PID 736 wrote to memory of 3676  736   26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe  88
  PID 736 wrote to memory of 3676  736   26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe  88
  PID 736 wrote to memory of 3676  736   26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe  88
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\26074aca6f8bd1188c3a3a5300bfac00_NeikiAnalytics.exe"
  PID: 736
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - [2] C:\Adobe7Q\devdobsys.exe
    Command line: C:\Adobe7Q\devdobsys.exe
    PID: 3676
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2.7MB
  MD5: 9ec08413a8675855d27aee529d585b83
  SHA1: e287a8b15098b77326420057970074f334321e2c
  SHA256: ac43effeac60f20a04831af35a79428dbb1cfcf08d3934b2ae848a3c3028d18d
  SHA512: 067622506466281ee883d17bf5ed5877c9384bcd56e37313bf7ebbf6ed653fbea3eab163054d6c2a99c50247592429a38108329f65edff82edf0f603c4f38e65
- Filesize: 2.7MB
  MD5: 32223fba8559aead5e8dd281b6f8c042
  SHA1: 405ee7ceb7ac58627a12c9d6d50b8141288d5ca4
  SHA256: 8a79f41b2c3070e9cbc71cbd4176f76695dffdec25b8dfd271b5d21a068476dc
  SHA512: 447d2fca2f517588b1ed6598ee657baaac6dd926e9747078425e3edb78a531d9b2b3a30196c0a4784dcc74e0c51aa5304ddd1d3f8143269f296227d12b865fc6
- Filesize: 203B
  MD5: 7b13af0e08656ae8b8625b5ab8178aa6
  SHA1: 296727af38c5aef52c59e2a21aec38fc61348170
  SHA256: a314b2fdf3d91c82981f86b8d932f3240e96c047a687992e936e2a664fff76b2
  SHA512: 98f924b768b6cfd02880c02f5de992b2d19bf09ace648d8cee6c09e4ce88ef5eb4ce10d1d6b55b299e651c502bc87d3de35fee3b76bd6e1d2dcb06aa75b0236d