Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/06/2024, 12:42
General
-
Target
14c70c1c5afde897eec7d88121922e40_NeikiAnalytics.exe
-
Size
89KB
-
MD5
14c70c1c5afde897eec7d88121922e40
-
SHA1
46f82e682d4f40ca3c072e74be37f9bb3c096b80
-
SHA256
8682fafa0d5544f9823692672ea1374626deaade5abf4d1bd73f90f97bfbc893
-
SHA512
a9fc8feb8b178f2103cbb093057cdf180f9cfe9dcd33b974125e1b78f1613551b5f05778b295a18ff3bd7d7ba76e164741f393edd276888f40b6b4dd58a1a1e5
-
SSDEEP
768:Qvw9816vhKQLroE4/wQRNrfrunMxVFA3b7gl5:YEGh0oEl2unMxVS3HgX
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\14c70c1c5afde897eec7d88121922e40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\14c70c1c5afde897eec7d88121922e40_NeikiAnalytics.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F151C70C-5CA5-4f56-80A4-2500E0575032}.exeC:\Windows\{F151C70C-5CA5-4f56-80A4-2500E0575032}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{696C5451-00E4-4de2-825F-A9635AFD4842}.exeC:\Windows\{696C5451-00E4-4de2-825F-A9635AFD4842}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4F453750-8B17-40e0-9AE1-F468E85D0E1C}.exeC:\Windows\{4F453750-8B17-40e0-9AE1-F468E85D0E1C}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BB5AC694-741A-4df3-AF73-8D98A2685529}.exeC:\Windows\{BB5AC694-741A-4df3-AF73-8D98A2685529}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{47BCED33-ED39-4bf5-82AD-294228BDE810}.exeC:\Windows\{47BCED33-ED39-4bf5-82AD-294228BDE810}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6409B0F2-C2CB-40e3-BE1C-9C4790E10359}.exeC:\Windows\{6409B0F2-C2CB-40e3-BE1C-9C4790E10359}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C3838924-59AA-4a54-ACF0-911339236F87}.exeC:\Windows\{C3838924-59AA-4a54-ACF0-911339236F87}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4ED573F2-81C0-44bd-B641-A4AD13CF7D15}.exeC:\Windows\{4ED573F2-81C0-44bd-B641-A4AD13CF7D15}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{87BABAB8-4555-47d8-BBBD-BF8E3A8EED7F}.exeC:\Windows\{87BABAB8-4555-47d8-BBBD-BF8E3A8EED7F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{35F854C7-56EF-46ec-A058-4F6BCA03A27A}.exeC:\Windows\{35F854C7-56EF-46ec-A058-4F6BCA03A27A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9442672D-0928-4925-8EB0-18F206C30D48}.exeC:\Windows\{9442672D-0928-4925-8EB0-18F206C30D48}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{35F85~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87BAB~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4ED57~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3838~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6409B~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{47BCE~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BB5AC~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4F453~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{696C5~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F151C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\14C70C~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
89KB
MD574f33bc7b7422cb8931180f938278a03
SHA1bd59655f803731aacbe1732fdfb23a21bd105064
SHA256dc7aadb954b461b6c90ea64d9352f30ef3503d1f2993202a3ed8148698319fe7
SHA51204ea5978aa5fe0c1fa1351ecd3362757001c870897bd49c6307c6ac59b24f0f2beb053ee57a72d2d502f91be1bf6c1d4c1c6e68ff70ae1bcf69ab613bd6f920e
-
Filesize
89KB
MD53ea3234691c3cf8413b4f53b486c9bce
SHA1c2647e0dff816a0da59446a10e8f96f3a7fbd742
SHA256fcac7b785c93bdc9718f3c7f3b64aca50eadf41df5ad18bde1f92c311d9e78db
SHA512a202195d0788a39305b8b8093dbd54c15da23fcb02f5d2c2c445f235459d18ef344ea46455ecbbc3a68c9676227a8a162b7c0c327bb83eae76f10ab5db7b1148
-
Filesize
89KB
MD585ebfe23a0462f22ad9244fabff573dc
SHA1354b08f3da3d0835867e752adc3ab112045019a8
SHA256d7fa8bc331581a511e1e3c0ff5cd0aa0f800e3571eac7284e7e888acc1576efb
SHA512082b5bb361853d948db5973cecd0b49b04192f81cad98cc256206a44bd61a2d58bb2ff3149f2016db0e218bb9a489f05a8adc09c3d84c640729d3737319132f0
-
Filesize
89KB
MD5049b1a0871ffba268f3ef4ef52d68d90
SHA10a60c42add20e28c33f0bc41e6ad0a6e621a2d99
SHA25679333c32595403ef47a9a23b83af3334edbd2fba86ca0916733128add8883c55
SHA5122be659460155b2062fe4891af5d13d6c19c220b824525247ef619310bc6a3400a9605ecb927115c78d4e20454cd72fbf0b79d2801c09408eb617eab5858b00b5
-
Filesize
89KB
MD5e5036a79c68d837fb65549d1fc84eed4
SHA1d44fdaaa09e6ea27e7afe50a05adcfa3943502a3
SHA2569866b08c2f3913c73802066f002edc84edae872fb658a1a7a12f67bca8dbd1a3
SHA51249eb9690b69374b79260da0b331265b3c3137bae1c086f50c917db23ebe73131cd9a42bbd133bef154ba7e195a2773d20333d8f2b322cf15e9e61d16089ce889
-
Filesize
89KB
MD543fd17cf5e8b316af79ed305b07c15b2
SHA14ae5b1503ad30c018461072233f79dbbed996a5f
SHA2565220a53f96c11c857d101e9d599a7451752a19ea42f19fdbe6b0bffef9298672
SHA5127b41017b60b48fa8405b1041b26d8151bd041ed9bba747c50b6e6543191762c34be97ade5549efd23546de34a4654c9658125e39e458902c1599d1a17abe9bf5
-
Filesize
89KB
MD5813cdb6a985859df765b507a948819ec
SHA15073d0810e1e52baeb37da95250ebbe4334cd086
SHA256702740735e298875fcfa9d79773a54467f85984c1ba6996f69fc2941b2426409
SHA512e823ef7371d8a73c6c2995db35a844566d0ca84f595f3c56d853d5b0dafced880f31e532ea6f5f8a1032586522c57c61dec0aae0a06d0ff1af5c790a2c4d77d4
-
Filesize
89KB
MD5dad4334a2030ba79649a291146138dcf
SHA1da07e59dbea03071fce8418d2769ce0d201db389
SHA25620f7d60383142f101efb5f7065f3f4b0152663f1d40f4b8ccf170a1f1f14593b
SHA512d4a5183997b35fb49dd7c894dd4defaebe654d85ed3e38686e6bf01c2d4bdb12e9ac0d5954608d2a01df7e1be1e7364ae7a83f26aefd646636b201e7e9b526ab
-
Filesize
89KB
MD5f03581f2dcfcb20a4c9e8da021096adf
SHA1bc4e15ee13940d450b4ddc656ddd256d032fd220
SHA256e75c14fbb0cc83a4c86ae778c85f471a9c7e376f363d755ad8fe893cea31288b
SHA51268a41c9f4ea3c772b83eb1b7823247e2de5137842a4e9601b8732fb428601064e54e1b94de65246028de5edab116792a8162a3c86c6ec5e1d6d13639524f7470
-
Filesize
89KB
MD50d7f8e530e0e01a77c31811fbf2b7776
SHA10f6d2df5e08eb71f671b875d67d149169a11596e
SHA256f805c573acded5b48eb42142431e4fec6b7f4bc9b59210b54363148dbf745178
SHA5123c4e2c3c85e30653dae7d812310f75845d8ef9c09fdb157af2f9ad72e8a46da7bde9a02ba3ee32effbda93bd94cbd1f553effa5d319be9483a143c52c23c2162
-
Filesize
89KB
MD52d1bc5feb125ee7269af92f91db50fc0
SHA12691c41418d02ac101572f0433be295bef62cc3b
SHA256789c1158cf04adbf9b78e47f83d6c6c07a4865a6039737023398766a924c9a72
SHA51285ab484f5f004d54157976a0773d0fe204107544c5ca6131e3055836e85d4e9b5d50421cb46155911112e9fc3006f4db45f4064ee783d5aced44cc24b19d8ce8