Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-06-2024 06:01

General

  • Target

    355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe

  • Size

    3.7MB

  • MD5

    355e4e8d818785e2e7c6bebe150e5340

  • SHA1

    e1ba62107344fd90c14729c17325250b002a4532

  • SHA256

    9e8a28186a68b2f4684bae625ae8ff631efbfcc541872ccd850dce23cd021002

  • SHA512

    b2c916559a4586ae9de035b43979e2ae3156ba9935e4f4c4113e0f2c92bc2c1d448698e4f3e3c9feb6bc3345b0e87df65532d518e8bc57cb50e21f1bcf8fc35d

  • SSDEEP

    49152:WJLRfI7Z3clwHYooTclqt08Tf6WVZqx+NpPJ0yVDTm9HXmxUfVekv1BVekv1UY7w:MrtTf6W+oNpo9H22fVzvHVzvb7qH8p3Y

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe"
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2240

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\config.set

    Filesize

    34B

    MD5

    8131961a1f7a02a497c929e1b7cc2f01

    SHA1

    fb65adc101e377ddaec6537e752e30c016472ed5

    SHA256

    1734772ad6f465d3ce00e39818e92d5e06e893821021ef343311ff0998486fee

    SHA512

    40d09b945105f1dbce32b6049f09c117bc74d19db94b1b9e5f18df8c7409b9264e578247b8ecda2a7595795190e821af0ecdbfcac3b8dcdf4f9c58b8d274c91d

  • memory/2240-1-0x0000000002190000-0x0000000002191000-memory.dmp

    Filesize

    4KB

  • memory/2240-0-0x0000000000400000-0x00000000007BB000-memory.dmp

    Filesize

    3.7MB

  • memory/2240-27-0x0000000002190000-0x0000000002191000-memory.dmp

    Filesize

    4KB