Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 07:12

General

  • Target
    977d436f6b994ebd49a3a195c47ed9c0_NeikiAnalytics.exe
  • Size
    1.3MB
  • MD5
    977d436f6b994ebd49a3a195c47ed9c0
  • SHA1
    1009e3b0df7faeb187fb3a410367126e28c3b1a0
  • SHA256
    5a0e0ffda4d8ddeed62772838878b03af6064e78635fb4ec6f440ec4818dbc1d
  • SHA512
    3ee7b3d0f5492a26a5b849a2b7e146515b7ccf828571885500e8b3f2475128c4f8802f38401afe4cf0bf0a50c94a3fda965b2bf92f18e9fe8ea420ac90500d80
  • SSDEEP
    24576:nAD3HRNtvJ2QY6ynjTdcpLmBtMs51aoflG4/iMtQkSNSFkeKvvvvLpphd7d8ddP7:nkpBs5dlG4/i0QkSoeeKvvvvLpphd7dq

Score
7/10

Malware Config

Signatures

  • Drops startup file (1 IoC)
  • UPX packed file (9 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: RenamesItself (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\977d436f6b994ebd49a3a195c47ed9c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\977d436f6b994ebd49a3a195c47ed9c0_NeikiAnalytics.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"
      2⤵
      PID:2612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Config.ini
    Filesize
    92B
    MD5
    0a09f354748324840a98a09a15172fb8
    SHA1
    41dc1d5cb5f99590ea7b83516be4ca616707932a
    SHA256
    31a81ee87f0c6987d56d48ccac000d92e2a4efdb6b2f84787e9ef420d9f91c7d
    SHA512
    f21a7c0f5f13285b5faa1fdaca04d15460d9b436eda4bb98a761bdb02b802f00c1c5727d84c97565891d317cd2dbc92ac370ecb8c248082a83a51558cd63bda8

  • C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs
    Filesize
    736B
    MD5
    de6eebab6b36f9ae12b5b01429bb54aa
    SHA1
    d688b459ede876ae63c50ab26ef6204101c590fd
    SHA256
    4599607c660eee2c763fdef2950961c6bd6fe014f71f7ce88d69cb50e2cf2c0a
    SHA512
    0c2bb364ca266929ca3ffc325d1a51b8e0441c4bdab8550a838dfa5852805f8355223d0980bb23fdf700077cf018416eca0d5ef269cb4cdfe031e873535b7a9b

  • C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe
    Filesize
    1.3MB
    MD5
    d0bdcafbec62b21f02b2da1861fde3d0
    SHA1
    76db0e03d3ee996335ee9708c41a8d8b1b58d649
    SHA256
    4d273a9b64cc53928a08b4edc2d3359be2746761c3d72941f78a716774dc6c81
    SHA512
    2f979ee5ad1812f25d2f5eff51da0295cf2053a05d042c35c86b1c73e6758358256129909a494ea05b4c8a25ba4d5c0447dd34bc55be95973b466bea46da0fa7

  • memory/2368-0-0x0000000000400000-0x000000000054E000-memory.dmp
    Filesize
    1.3MB

  • memory/2368-14-0x0000000000400000-0x000000000054E000-memory.dmp
    Filesize
    1.3MB

  • memory/2368-17-0x0000000000400000-0x000000000054E000-memory.dmp
    Filesize
    1.3MB

  • memory/2368-20-0x0000000000400000-0x000000000054E000-memory.dmp
    Filesize
    1.3MB

  • memory/2368-24-0x0000000000400000-0x000000000054E000-memory.dmp
    Filesize
    1.3MB

  • memory/2368-27-0x0000000000400000-0x000000000054E000-memory.dmp
    Filesize
    1.3MB

  • memory/2368-30-0x0000000000400000-0x000000000054E000-memory.dmp
    Filesize
    1.3MB

  • memory/2368-33-0x0000000000400000-0x000000000054E000-memory.dmp
    Filesize
    1.3MB