90e49b5e3c24c22267ddce647e302d605355596fd015d6f1dac27b59b826bb17

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
Size

580KB
MD5

67d9ded235a33b66af8398465168ca60
SHA1

e21ebbf56d93da932b1803b86d079d96c8f59301
SHA256

90e49b5e3c24c22267ddce647e302d605355596fd015d6f1dac27b59b826bb17
SHA512

bd4638b1939af19930a59ed14df5224cccb5d7bad94c20b4ee5e492063a006809d1663f18fe19ce373c552fce22e5b400e179d2191a5f92aef35dca5f21c6034
SSDEEP

12288:Otfu3bk/pEUSlde0zk/Ltxids16UPPrA8AdqH1ZqtPHbFnCFpEUVkwoe6x+zwZSp:O9u3bk/pEUSlde0zk/Ltxids16UPPsTB

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2788	ISL_Light_Client_4_4_2332_44 83358738.exe

Loads dropped DLL 3 IoCs

pid	Process
2192	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
2192	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
2788	ISL_Light_Client_4_4_2332_44 83358738.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2788	ISL_Light_Client_4_4_2332_44 83358738.exe
2788	ISL_Light_Client_4_4_2332_44 83358738.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2788	ISL_Light_Client_4_4_2332_44 83358738.exe
2788	ISL_Light_Client_4_4_2332_44 83358738.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2788	ISL_Light_Client_4_4_2332_44 83358738.exe
2788	ISL_Light_Client_4_4_2332_44 83358738.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2788	2192	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2788	2192	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2788	2192	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2788	2192	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1717774519_2192_3040_991927659\ISL_Light_Client_4_4_2332_44 83358738.exe
  ISL_Light_Client_4_4_2332_44_83358738.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1717774519_2192_3040_991927659\ISL_Light_Client_4_4_2332_44 83358738.exe

Filesize
1.8MB

MD5
892e2361588d2303e14a6f2c2687fc07

SHA1
cad6fb8bd94a551a2bceb385cea2a864c620e13b

SHA256
010191ecc27b31156a2bb316e78a6099f883418a00c02d29f7e9daaff724d32c

SHA512
f2f14459de28bbe9da0b03e5cbcecc7c60d264bdeaa5c7f0bc2f33e7b228671922f82cd4eac4c9c2e3497586eaaa1a83bcca137ce8260023ec69ad7d75168722

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
22KB

MD5
9e46cc76a4463a4d7315a605bc3e0c64

SHA1
d8c3d5e20bafb1d410960f6bae06f814947ec978

SHA256
3f9d33cfc2aa62dd39b3475be67032a039a9a2191711555611283ca5fd1c58cf

SHA512
77cc006305a121bcbab5c48b8461952157fb526c7a08a5a6e733edbc32f301f32166cc47674acfb9efa0691d514aadb121ea435772a4c9eaad819118804a7ebe

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
5KB

MD5
4aabf8dc42060b293a2b57c4c21a1603

SHA1
b6d86cd20f487ddc84a069cefe59f0dd08b04d9a

SHA256
17da3a31ff14904bb49c0498890dddf61fc9e34eef7198a92683452f668ff821

SHA512
8de96a0610a949fe2a663fca48d7ec1ce857255f732c7229cad286d91c81d5928156cb1bac116b402c882c9e9467ef1ba5f6b9b57535f7b8aa500ba3681c1a52

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

Filesize
3.1MB

MD5
24754b10246766dda98e82855e71c6ee

SHA1
893e291686669a5c82f4efa9da5f7bab1eae0ce6

SHA256
4b58e1b0d4eb121eda6754d8bdb018b4208b72175d9e2f1d627a575ff8cc50eb

SHA512
4cc1ab75d56d1e854f322ee8b0b4ee1d5a814ebf41ea3b318dc825581f8be6b2f359358cc89fbb38b03ea428e8fa5061ce504714ec8074948eb61503f7940a2d

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll

Filesize
1.3MB

MD5
3f3e59be7fcd410e4ca185d7714bded4

SHA1
d567e0fd73fead1b78ad5635028d90820de83c56

SHA256
e029e48c4e530a136bf0a167f4ea3a0d1f5b0366dcda134490f25c4a6e36c528

SHA512
4faf40425353789314e6eaae6bd74e243dde960b39d02f953ec47aa0b86008abe46dbc3a18792de3e1621a2a8484a24e93fae635c7a83464816d8d4f1d39f93b

Download Submit
memory/2788-108-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download