e56690451a25a11f9baf661746830d50ab7610dbff08683737d81b3ef86121a1

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 12:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe
Size

1.4MB
MD5

15abb11e275069e37e687a7c12d204b0
SHA1

ea984e3812a23ad8ce732e3999d24261d362837b
SHA256

e56690451a25a11f9baf661746830d50ab7610dbff08683737d81b3ef86121a1
SHA512

faaf0699a215d7ef24ca7213bd467d4a62a28facf50070f6c261a9b0a5f0f0ebf6c2c3cb31c388b10f91841b5f4279cfa6cda1802e1412af00dc881bab5eb026
SSDEEP

24576:pBhi+L6zmg0wdAS6ZsmpEuZHFHO3a6wolATE252KJoOBRri7UpiE52KJoWZKw/Ht:pe+L61dYrEupFu3/jlY2fO7e7y2fWZPl

Score

7^/10

persistence

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2548	15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe
2548	15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\DownloadTerms = "\"C:\\Users\\Admin\\AppData\\Local\\Temporary Files\\.exe\""	15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2548	15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3488 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd3370.tmp\System.dll

Filesize
23KB

MD5
125aebb055446fb52aa5956cf99e8a9a

SHA1
6b58fd08a8ff2763219cc6b0dcdb875f9970f850

SHA256
2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3

SHA512
5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd3370.tmp\UAC.dll

Filesize
13KB

MD5
431e5b960aa15af5d153bae6ba6b7e87

SHA1
e090c90be02e0bafe5f3d884c0525d8f87b3db40

SHA256
a6d956f28c32e8aa2ab2df13ef52637e23113fab41225031e7a3d47390a6cf13

SHA512
f1526c7e4d0fce8ab378e43e89aafb1d7e9d57ef5324501e804091e99331dd2544912181d6d4a07d30416fe17c892867c593aee623834935e11c7bb385c6a0a8

Download Submit
memory/2548-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2548-15-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2548-16-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads