Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-06-2024 06:55

General

  • Target

    14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe

  • Size

    234KB

  • MD5

    14a152a6f900338867bb2b57046309d0

  • SHA1

    04ff72200d79ead2cddebaa4a4492b18c99d82e1

  • SHA256

    e8336e435cc6fd4696bd3905f76cf77d2fed977b14eb04ff6266bac95a495e48

  • SHA512

    7f1559a57c317fab90a902188240c99ea79f1494d318be2d49e8c6e14888c25dd674e8be94829c711830592680b0b30a2b75f25728ff5f614cf88121a32d8dcb

  • SSDEEP

    1536:CcCsX1fCUfeCmsbUOuiavCbHqC0oemcaUxgqXXYGR0tC/l+3i9KS5uQSVX3C00sW:1aUfeCmjO1aab0ggYbs7cS5503C0LW

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2340

Network

MITRE ATT&CK Enterprise v15

Downloads
