90e49b5e3c24c22267ddce647e302d605355596fd015d6f1dac27b59b826bb17

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
Size

580KB
MD5

67d9ded235a33b66af8398465168ca60
SHA1

e21ebbf56d93da932b1803b86d079d96c8f59301
SHA256

90e49b5e3c24c22267ddce647e302d605355596fd015d6f1dac27b59b826bb17
SHA512

bd4638b1939af19930a59ed14df5224cccb5d7bad94c20b4ee5e492063a006809d1663f18fe19ce373c552fce22e5b400e179d2191a5f92aef35dca5f21c6034
SSDEEP

12288:Otfu3bk/pEUSlde0zk/Ltxids16UPPrA8AdqH1ZqtPHbFnCFpEUVkwoe6x+zwZSp:O9u3bk/pEUSlde0zk/Ltxids16UPPsTB

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1840	ISL_Light_Client_4_4_2332_44 83358738.exe

Loads dropped DLL 2 IoCs

pid	Process
3484	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
1840	ISL_Light_Client_4_4_2332_44 83358738.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1840	ISL_Light_Client_4_4_2332_44 83358738.exe
1840	ISL_Light_Client_4_4_2332_44 83358738.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1840	ISL_Light_Client_4_4_2332_44 83358738.exe
1840	ISL_Light_Client_4_4_2332_44 83358738.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1840	ISL_Light_Client_4_4_2332_44 83358738.exe
1840	ISL_Light_Client_4_4_2332_44 83358738.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 1840	3484	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe	86
PID 3484 wrote to memory of 1840	3484	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe	86
PID 3484 wrote to memory of 1840	3484	67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe	86

C:\Users\Admin\AppData\Local\Temp\67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1717774524_3484_2880_1766110961\ISL_Light_Client_4_4_2332_44 83358738.exe
  ISL_Light_Client_4_4_2332_44_83358738.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

Filesize
3.1MB

MD5
24754b10246766dda98e82855e71c6ee

SHA1
893e291686669a5c82f4efa9da5f7bab1eae0ce6

SHA256
4b58e1b0d4eb121eda6754d8bdb018b4208b72175d9e2f1d627a575ff8cc50eb

SHA512
4cc1ab75d56d1e854f322ee8b0b4ee1d5a814ebf41ea3b318dc825581f8be6b2f359358cc89fbb38b03ea428e8fa5061ce504714ec8074948eb61503f7940a2d

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll

Filesize
1.3MB

MD5
3f3e59be7fcd410e4ca185d7714bded4

SHA1
d567e0fd73fead1b78ad5635028d90820de83c56

SHA256
e029e48c4e530a136bf0a167f4ea3a0d1f5b0366dcda134490f25c4a6e36c528

SHA512
4faf40425353789314e6eaae6bd74e243dde960b39d02f953ec47aa0b86008abe46dbc3a18792de3e1621a2a8484a24e93fae635c7a83464816d8d4f1d39f93b

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1717774524_3484_2880_1766110961\ISL_Light_Client_4_4_2332_44 83358738.exe

Filesize
1.8MB

MD5
892e2361588d2303e14a6f2c2687fc07

SHA1
cad6fb8bd94a551a2bceb385cea2a864c620e13b

SHA256
010191ecc27b31156a2bb316e78a6099f883418a00c02d29f7e9daaff724d32c

SHA512
f2f14459de28bbe9da0b03e5cbcecc7c60d264bdeaa5c7f0bc2f33e7b228671922f82cd4eac4c9c2e3497586eaaa1a83bcca137ce8260023ec69ad7d75168722

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
5KB

MD5
5728f19bc0060256ee2fe8138a47c38b

SHA1
cfff13e8bbfdfba1ff72a304d0cd63ed21100881

SHA256
d197c6b46f3e8c8c403581f7514b984aa8be0a7ab78bce0c0612ef67c4e85b2f

SHA512
a8c9dd2d23b5daaa84f08dc935e88d1912979212d01e9b0fd73fced5251b4438ddfe618102ca95affb50c607ead6387301a3513d14f29839c50d02c7cee485f4

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
25KB

MD5
308e2886aa9d6d33682d120a99da9106

SHA1
f9927c527f4f779577ef76c06be2197393a8fae0

SHA256
ad0c9deb0d71016829e5a0a992407abe072c946273f41985da0973de5e7dfda5

SHA512
87a34215d995d697dec93eb0d7319d64c3709abbf5ddcbbb092176e6a51bd88da3efa89ecf4e5d514a6e8db5925b2ee6e633ac8f681925257a8cb61855d4221b

Download Submit
memory/1840-160-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/1840-159-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1840-158-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/1840-157-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/1840-156-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1840-155-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/1840-154-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download