Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 09:37

General

  • Target
    3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
  • Size
    2.7MB
  • MD5
    3051fc1b6df514e84525d98029fb7200
  • SHA1
    45d985399c9992e95fb5609172bb43722c59e9d7
  • SHA256
    7a3a725cfb1e065a5325570141799ed98405165dee987f13ef088afc71d6fa9d
  • SHA512
    abf55de3c41cdf57c5e0a7657b49d68cc80c0e2ec5a8d66844325272999802064c3403abf03d9875e22272430a2d8419c6eb37a22a0936039ab2bf27a47b8106
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSpA4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\SysDrvZD\adobloc.exe
      C:\SysDrvZD\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1220

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVB23\bodasys.exe
    Filesize: 2.7MB
    MD5: df8f105390fcebef8a3f9bfb7c76d85f
    SHA1: ca0635ab14d730294efe24f751897bf9b436a258
    SHA256: 144e9a4b054ed6addb2325da622715565977bee1297dc6e103f6374064cd65bc
    SHA512: 290879e11f90a4b20fca1a600ea9991703026488c4df8286d25612596f0ca77073aeaa34c4da8a2d60cd22577f699647840b38693cdf632cf2e633d9546d6f4a

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 201B
    MD5: 82f6c873d51352577e7757e683da1133
    SHA1: 8d89561cdda9fb424aa673fd4fb5b62cb0ceb468
    SHA256: 0aaed73ef2ea9ebcef3403cab1bd9b5afa9b0333366a8cff8e876aaf42df47fa
    SHA512: a1371b4c4312d3bbc77a5ff9c44a85d072140d015fe57bfe4b5b979fdd1fed28c683feddee7bc3d95df401137a6eaa8497556c77896dcd9bb3369ec82f4d895e

  • \SysDrvZD\adobloc.exe
    Filesize: 2.7MB
    MD5: 8012b9f0209cd637974467411efdd658
    SHA1: 534b777fdaed4936b6ad08adb5233423ecfe8e91
    SHA256: 9eab8a140b37fd5896241f9b10819afdac28a411afbb682b9bd59c7d50d4d8d4
    SHA512: c65651b9b152a2d3a8c1f9b56fe6f1030d723dc2085d02c3e1b9e518f316180822d6134329e6e78e325bb5d55b66b6eb7e97f27c4ec0c5ea8a1cda292347afa0