Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 04-06-2024 06:01
Static task: static1
Behavioral task: behavioral1
- Sample: 355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: 355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe
- Size: 3.7MB
- MD5: 355e4e8d818785e2e7c6bebe150e5340
- SHA1: e1ba62107344fd90c14729c17325250b002a4532
- SHA256: 9e8a28186a68b2f4684bae625ae8ff631efbfcc541872ccd850dce23cd021002
- SHA512: b2c916559a4586ae9de035b43979e2ae3156ba9935e4f4c4113e0f2c92bc2c1d448698e4f3e3c9feb6bc3345b0e87df65532d518e8bc57cb50e21f1bcf8fc35d
- SSDEEP: 49152:WJLRfI7Z3clwHYooTclqt08Tf6WVZqx+NpPJ0yVDTm9HXmxUfVekv1BVekv1UY7w:MrtTf6W+oNpo9H22fVzvHVzvb7qH8p3Y
Malware Config
Signatures
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  File opened for modification: \??\PhysicalDrive0 (process: 355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe)
- Drops file in Windows directory (1 IoCs)
  File opened for modification: C:\Windows\ (process: 355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies Internet Explorer settings
  Registry activity, all by process 355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe:
  - Key created: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING
  - Key created: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT
  - Set value (int): \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe = "1"
  - Set value (int): \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe = "1"
  - Key created: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT
  - Set value (int): \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe = "1"
  - Key created: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
  - Key created: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main
  - Key created: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
  - Set value (int): \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe = "11000"
- Suspicious use of FindShellTrayWindow (3 IoCs)
  PID 2240, process 355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe (3 occurrences)
- Suspicious use of SendNotifyMessage (3 IoCs)
  PID 2240, process 355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe (3 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\355e4e8d818785e2e7c6bebe150e5340_NeikiAnalytics.exe"
  PID: 2240
  - Writes to the Master Boot Record (MBR)
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 34B
  MD5: 8131961a1f7a02a497c929e1b7cc2f01
  SHA1: fb65adc101e377ddaec6537e752e30c016472ed5
  SHA256: 1734772ad6f465d3ce00e39818e92d5e06e893821021ef343311ff0998486fee
  SHA512: 40d09b945105f1dbce32b6049f09c117bc74d19db94b1b9e5f18df8c7409b9264e578247b8ecda2a7595795190e821af0ecdbfcac3b8dcdf4f9c58b8d274c91d