Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/06/2024, 09:16

General

  • Target

    2fc01a8f8856ffee1b061a4774f92590_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    2fc01a8f8856ffee1b061a4774f92590

  • SHA1

    ad7981aa345c7d16a48267abf08de4a8f34cf00e

  • SHA256

    9c8a319b1f8dc5f5d5e65a41c94be89334edee2182c0241f48e95c26ff816611

  • SHA512

    48f339a702b2e875d05fe579e8ac2ce5f8cf79b015b8b1c8a6264022ce022965e15afb1097d32092c572667fd56767d253bfb5605ff7a67e994176b4a2195c1c

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBR9w4Sx:+R0pI/IQlUoMPdmpSpl4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fc01a8f8856ffee1b061a4774f92590_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc01a8f8856ffee1b061a4774f92590_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\IntelprocRG\devbodec.exe
      C:\IntelprocRG\devbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4760

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\GalaxO8\dobdevsys.exe

          Filesize

          2.7MB

          MD5

          200b954b182c0b10ad20302a66bc97ff

          SHA1

          359c4c520934c4a706c174bbefc57451d7c3e192

          SHA256

          ed7f640f079553f4b6e4b1bfb9a785bbee3da2ad291cb21c4b0adbb5488d62df

          SHA512

          6f3960f07cefa63db2a229778d23d0a6a66f24895fb050ef70972464f4b5c72cd19dcc47af725a6c2bce4f97c4a63dc031a2ecbbd48e926f2bb03d4ad4c658f6

        • C:\IntelprocRG\devbodec.exe

          Filesize

          2.7MB

          MD5

          d46c75284cd254ceeabe47ab5b77b485

          SHA1

          cc395bc6225ee9c0c2c90e826baadfe5ae0db82d

          SHA256

          334510469bdc8c90ec153d896bae55f6a66aec2db4f0ebf5f497580b9146348f

          SHA512

          829e4e18e1a504c1217c9bb6aa9a9be13f8927b482b9f9931f3e53926fc4165d32ee7697c138d6f7b010c0aaa3c32488d0a5285ed7c198e41656cf266fad9b4f

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          211B

          MD5

          e2945d61b85ac2fc7a73add19da4eef5

          SHA1

          68dc597c99eb7abaea839753f8d0e1d3132a08e0

          SHA256

          871b71af2a2bf9744618a2f8c7f2e53bb3335399d20ecb0954a60b50d2e7d2df

          SHA512

          2ab95ae480b9ed03702913c7a47d49a798d3ed8bc177c521a0e153d475acfb4dfffb62f73b2674c70a14bf3fa1382c04829b4bab213fa1049a34bff6b59c28bf