2c3dbabb4eab632b8d6815e3603a37a228bac4317dd4a119b794a7dda111b1e6

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
Size

2.7MB
MD5

0ce5af65b5b67c6981f356d83034dc10
SHA1

f2ee5ede9825c81cabbc30f5ed8fba248ed24a0b
SHA256

2c3dbabb4eab632b8d6815e3603a37a228bac4317dd4a119b794a7dda111b1e6
SHA512

4041814d5a6ef3a707a0bb727c486b3e6123f8cc12a2fa5380a4e6f7e2ba47627ba78b4fa358e09a0089706e3df6746f18cfbf91e1f7a799a700a848c9ae769d
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB29w4Sx:+R0pI/IQlUoMPdmpSpY4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5068	devdobec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeLI\\devdobec.exe"	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB2X\\optidevsys.exe"	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
5068	devdobec.exe
5068	devdobec.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 5068	1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe	83
PID 1412 wrote to memory of 5068	1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe	83
PID 1412 wrote to memory of 5068	1412	0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ce5af65b5b67c6981f356d83034dc10_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1412
- C:\AdobeLI\devdobec.exe
  C:\AdobeLI\devdobec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AdobeLI\devdobec.exe

Filesize
2.7MB

MD5
00c4d2207fa9a020d123a5bc37ae606b

SHA1
dfdc09f4eaada473a9aa8a2640da5bb67f451e47

SHA256
3c8d600e99c70fbd488db749997bb444b60501aba99b1f6bf330dadd066e0c49

SHA512
1268c86d853a22e04ba449e6a18e4586a08d77c4ab7069b390d1b75043bfdd783fb7741cc24e245a07fe74747d77485ade11480dcb0e34fa0877649c0d64ac67

Download Submit
C:\KaVB2X\optidevsys.exe

Filesize
210KB

MD5
d789d0e0bb07fbabf5c58170123d7681

SHA1
6ab54b337b377f3acc27837a85dc2ee330be6906

SHA256
bee60e3f3acfb27fa307c5554fceeebbacfe5ebb1c486723863e39c2280fb183

SHA512
ae05f3bededf97fad664ed001fbec95e9b7aa748f9fed32d5355bf9a6d79a51e9cd73744f36ec1a2aec5af1a4666e6f14db4b113782b230682c0e3f02195e5ed

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
203B

MD5
5f515b7f3b09ee83f0146128ab65fa7f

SHA1
62bb8612638d08a9e051d320337b20906e307ac2

SHA256
d18c51ed066371183417982bcdaf899a94856db59c1f3d9b519462db356b4b7d

SHA512
1e68bf512c7e686bea53c62ff7e2186b10149f10b80f688ce5d1efb8e01b9e56945cdc0452aa2e8ca365975d750516805eda4b2fdb4b16d990029ac5f23859b7

Download Submit