Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 09:16

General

  • Target
    2fc01a8f8856ffee1b061a4774f92590_NeikiAnalytics.exe
  • Size
    2.7MB
  • MD5
    2fc01a8f8856ffee1b061a4774f92590
  • SHA1
    ad7981aa345c7d16a48267abf08de4a8f34cf00e
  • SHA256
    9c8a319b1f8dc5f5d5e65a41c94be89334edee2182c0241f48e95c26ff816611
  • SHA512
    48f339a702b2e875d05fe579e8ac2ce5f8cf79b015b8b1c8a6264022ce022965e15afb1097d32092c572667fd56767d253bfb5605ff7a67e994176b4a2195c1c
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBR9w4Sx:+R0pI/IQlUoMPdmpSpl4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fc01a8f8856ffee1b061a4774f92590_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc01a8f8856ffee1b061a4774f92590_NeikiAnalytics.exe"
    PID:2208
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\Intelproc8E\xoptiloc.exe
      C:\Intelproc8E\xoptiloc.exe
      PID:2272
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    208B
    MD5
    3d50f4257a816d6449624d78d4ec8ac9
    SHA1
    348b6b5aa0afbdd0d4eea1b7d83822ea7fbba825
    SHA256
    678e68a4965d59516df46e0a6de1233968a94cdaaae388c70eb98427e138bd06
    SHA512
    7802b33a515570467ccb467387276bbfefb19e19b02c98c80f91008b8460adcc3773c811198c7321085a200e1f825bb7d7046416b9e0e95dc9134b426216a657
  • C:\VidIA\dobdevec.exe
    Filesize
    2.7MB
    MD5
    40279f569e3ea12b3dbb541015dfc22b
    SHA1
    03db93fd221298b84ed38467a058a231e100bcdd
    SHA256
    74e4a7883e810edd198fdec9d7e3af8660b138a4cc37f5b797a6b85690ca649f
    SHA512
    66b356b621a46508ad16c8b2e37faf6f3810741cb17860a975d6b10c1f1d0335e0e60ae7d0e05a441381ad04b2baec5ff373265d4f5cd30f7912cb9111f8cd77
  • \Intelproc8E\xoptiloc.exe
    Filesize
    2.7MB
    MD5
    1f295081518b5fb0e2bfee588d561a7b
    SHA1
    e762c2aee2c71c1ad65364a7310a73d45d81c54d
    SHA256
    3d71a7ba324f96ea6c894b6586b44c03360f98e9e598175a0c937c7392b6534d
    SHA512
    592b6ec9bccde06cefcf6c2bc30ffd5b7ee4e5743a130aad8876fe2ff6df3c68b51570f321396542ec7c7a3969da8d9380eae1d13417adce92adbd57d2bd97fe