Analysis
max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
07/06/2024, 15:35
Static task
static1
Behavioral task
behavioral1
Sample
67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
-
Size
580KB
-
MD5
67d9ded235a33b66af8398465168ca60
-
SHA1
e21ebbf56d93da932b1803b86d079d96c8f59301
-
SHA256
90e49b5e3c24c22267ddce647e302d605355596fd015d6f1dac27b59b826bb17
-
SHA512
bd4638b1939af19930a59ed14df5224cccb5d7bad94c20b4ee5e492063a006809d1663f18fe19ce373c552fce22e5b400e179d2191a5f92aef35dca5f21c6034
-
SSDEEP
12288:Otfu3bk/pEUSlde0zk/Ltxids16UPPrA8AdqH1ZqtPHbFnCFpEUVkwoe6x+zwZSp:O9u3bk/pEUSlde0zk/Ltxids16UPPsTB
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid    Process
2788   ISL_Light_Client_4_4_2332_44 83358738.exe
-
Loads dropped DLL 3 IoCs
pid    Process
2192   67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
2192   67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
2788   ISL_Light_Client_4_4_2332_44 83358738.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 2 IoCs
pid    Process
2788   ISL_Light_Client_4_4_2332_44 83358738.exe
2788   ISL_Light_Client_4_4_2332_44 83358738.exe
-
Suspicious use of SendNotifyMessage 2 IoCs
pid    Process
2788   ISL_Light_Client_4_4_2332_44 83358738.exe
2788   ISL_Light_Client_4_4_2332_44 83358738.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid    Process
2788   ISL_Light_Client_4_4_2332_44 83358738.exe
2788   ISL_Light_Client_4_4_2332_44 83358738.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description                        pid    Process                                               procid_target
PID 2192 wrote to memory of 2788   2192   67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe   28
PID 2192 wrote to memory of 2788   2192   67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe   28
PID 2192 wrote to memory of 2788   2192   67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe   28
PID 2192 wrote to memory of 2788   2192   67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe   28
(all four entries are the same parent/child pair: four WriteProcessMemory calls from PID 2192 into PID 2788)
Processes
-
C:\Users\Admin\AppData\Local\Temp\67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe"
  PID: 2192
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  Child process:
  C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1717774519_2192_3040_991927659\ISL_Light_Client_4_4_2332_44 83358738.exe
    Command line: ISL_Light_Client_4_4_2332_44_83358738.exe
    PID: 2788
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
-
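The process tree and the WriteProcessMemory rows above are the whole behavioral story of this run: the submitted binary extracts a second executable into a per-run "extract_..." directory under ISL Online Cache and writes into that child's memory before it runs. The following Python script is an added example, not part of the sandbox report: it parses the flattened "PID ... wrote to memory of ..." rows into one counted edge per parent/child pair and decodes the components of the extract directory name. The reading of that directory name as extract_<unix time>_<parent pid>_<n>_<n> is an assumption drawn from the values in this report (1717774519 decodes to 2024-06-07 15:35:19 UTC, which matches the submission time, and 2192 is the parent PID); the meaning of the last two numbers is not known from the page and is left undecoded.

```python
"""Parse flattened sandbox signature rows and a dropped-file path into
structured triage data.

Added example; not code from the sandbox or the analysed software.
The extract_<ts>_<pid>_<n>_<n> layout is an assumption based on the
values seen in this report, not a documented format.
"""
import re
from datetime import datetime, timezone

# Sample input reproduced from the report above.
DROPPED_PATH = (
    r"C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1"
    r"\extract_1717774519_2192_3040_991927659"
    r"\ISL_Light_Client_4_4_2332_44 83358738.exe"
)

WPM_RECORDS = """\
PID 2192 wrote to memory of 2788 2192 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe 28
PID 2192 wrote to memory of 2788 2192 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe 28
PID 2192 wrote to memory of 2788 2192 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe 28
PID 2192 wrote to memory of 2788 2192 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe 28
"""

# Columns as laid out in the report: description, pid, Process, procid_target.
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
EXTRACT_RE = re.compile(r"extract_(\d+)_(\d+)_(\d+)_(\d+)")


def parse_wpm(text):
    """Collapse repeated WriteProcessMemory rows into counted edges.

    Returns {(writer_pid, target_pid): {"process", "procid_target", "count"}}.
    """
    edges = {}
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue  # not a WriteProcessMemory row; skip
        src, dst, pid, proc, target = m.groups()
        if src != pid:
            raise ValueError(f"description/pid mismatch: {line!r}")
        key = (int(src), int(dst))
        edge = edges.setdefault(
            key, {"process": proc, "procid_target": int(target), "count": 0}
        )
        edge["count"] += 1
    return edges


def parse_extract_dir(path):
    """Decode the extract_<ts>_<pid>_<n>_<n> directory component (assumed layout)."""
    m = EXTRACT_RE.search(path)
    if not m:
        return None
    ts, pid, a, b = (int(x) for x in m.groups())
    return {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "pid": pid,
        "undecoded": (a, b),  # meaning unknown from the report
    }


def correlate(path, wpm_text):
    """Check that the PID embedded in the extract dir is a WriteProcessMemory writer."""
    info = parse_extract_dir(path)
    edges = parse_wpm(wpm_text)
    writers = {src for (src, _dst) in edges}
    return {
        "extract_time_utc": info["timestamp"].strftime("%Y-%m-%d %H:%M:%S"),
        "dir_pid": info["pid"],
        "dir_pid_is_writer": info["pid"] in writers,
        "edges": edges,
    }


if __name__ == "__main__":
    result = correlate(DROPPED_PATH, WPM_RECORDS)
    print(result["extract_time_utc"], result["dir_pid"], result["dir_pid_is_writer"])
    for (src, dst), edge in result["edges"].items():
        print(f"{src} -> {dst}: {edge['count']}x WriteProcessMemory by {edge['process']}")
```

Collapsing the four identical rows to one edge with a count keeps the signal (a parent writing into a freshly dropped child four times) while making the parent/child relationship explicit; the decoded timestamp is a useful cross-check that the artifact was created during this run rather than carried in from an earlier one.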
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1717774519_2192_3040_991927659\ISL_Light_Client_4_4_2332_44 83358738.exe
Filesize
1.8MB
MD5
892e2361588d2303e14a6f2c2687fc07
SHA1
cad6fb8bd94a551a2bceb385cea2a864c620e13b
SHA256
010191ecc27b31156a2bb316e78a6099f883418a00c02d29f7e9daaff724d32c
SHA512
f2f14459de28bbe9da0b03e5cbcecc7c60d264bdeaa5c7f0bc2f33e7b228671922f82cd4eac4c9c2e3497586eaaa1a83bcca137ce8260023ec69ad7d75168722
-
Filesize
22KB
MD59e46cc76a4463a4d7315a605bc3e0c64
SHA1d8c3d5e20bafb1d410960f6bae06f814947ec978
SHA2563f9d33cfc2aa62dd39b3475be67032a039a9a2191711555611283ca5fd1c58cf
SHA51277cc006305a121bcbab5c48b8461952157fb526c7a08a5a6e733edbc32f301f32166cc47674acfb9efa0691d514aadb121ea435772a4c9eaad819118804a7ebe
-
Filesize
5KB
MD54aabf8dc42060b293a2b57c4c21a1603
SHA1b6d86cd20f487ddc84a069cefe59f0dd08b04d9a
SHA25617da3a31ff14904bb49c0498890dddf61fc9e34eef7198a92683452f668ff821
SHA5128de96a0610a949fe2a663fca48d7ec1ce857255f732c7229cad286d91c81d5928156cb1bac116b402c882c9e9467ef1ba5f6b9b57535f7b8aa500ba3681c1a52
-
Filesize
3.1MB
MD524754b10246766dda98e82855e71c6ee
SHA1893e291686669a5c82f4efa9da5f7bab1eae0ce6
SHA2564b58e1b0d4eb121eda6754d8bdb018b4208b72175d9e2f1d627a575ff8cc50eb
SHA5124cc1ab75d56d1e854f322ee8b0b4ee1d5a814ebf41ea3b318dc825581f8be6b2f359358cc89fbb38b03ea428e8fa5061ce504714ec8074948eb61503f7940a2d
-
Filesize
1.3MB
MD53f3e59be7fcd410e4ca185d7714bded4
SHA1d567e0fd73fead1b78ad5635028d90820de83c56
SHA256e029e48c4e530a136bf0a167f4ea3a0d1f5b0366dcda134490f25c4a6e36c528
SHA5124faf40425353789314e6eaae6bd74e243dde960b39d02f953ec47aa0b86008abe46dbc3a18792de3e1621a2a8484a24e93fae635c7a83464816d8d4f1d39f93b