Analysis
max time kernel: 149s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 11/06/2024, 09:37
Static task: static1
Behavioral task: behavioral1
  Sample: 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
Target: 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
Size: 2.7MB
MD5: 3051fc1b6df514e84525d98029fb7200
SHA1: 45d985399c9992e95fb5609172bb43722c59e9d7
SHA256: 7a3a725cfb1e065a5325570141799ed98405165dee987f13ef088afc71d6fa9d
SHA512: abf55de3c41cdf57c5e0a7657b49d68cc80c0e2ec5a8d66844325272999802064c3403abf03d9875e22272430a2d8419c6eb37a22a0936039ab2bf27a47b8106
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSpA4
Malware Config: (no entries)

Signatures
- Executes dropped EXE (1 IoC)
  pid 1220  adobloc.exe
- Loads dropped DLL (1 IoC)
  pid 3044  3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB23\\bodasys.exe"  (set by 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe)
  Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvZD\\adobloc.exe"  (set by 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe)
  Both values are written under the same name, "Parametr", in the current user's hive (no elevation needed). The Run value points at C:\SysDrvZD\adobloc.exe, which the sample also launches directly as PID 1220; the RunOnce value points at a second path, C:\KaVB23\bodasys.exe, that does not appear in the process tree of this run.
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  64 process-enumeration events, interleaved between pid 3044 (3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe) and pid 1220 (adobloc.exe).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process                                               procid_target
  PID 3044 wrote to memory of 1220     3044  3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe   28
  (4 identical events)
  Caveat: the parent writing into its freshly created child is consistent with process injection or hollowing, but a parent also writes into a child during normal process creation, so these four calls do not by themselves establish injection.
Processes
1. C:\Users\Admin\AppData\Local\Temp\3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe  (PID 3044)
   command line: "C:\Users\Admin\AppData\Local\Temp\3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe"
   - Loads dropped DLL
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   2. C:\SysDrvZD\adobloc.exe  (PID 1220, child of PID 3044)
      command line: C:\SysDrvZD\adobloc.exe
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads (dropped files)
File 1
  Filesize: 2.7MB
  MD5: df8f105390fcebef8a3f9bfb7c76d85f
  SHA1: ca0635ab14d730294efe24f751897bf9b436a258
  SHA256: 144e9a4b054ed6addb2325da622715565977bee1297dc6e103f6374064cd65bc
  SHA512: 290879e11f90a4b20fca1a600ea9991703026488c4df8286d25612596f0ca77073aeaa34c4da8a2d60cd22577f699647840b38693cdf632cf2e633d9546d6f4a
File 2
  Filesize: 201B
  MD5: 82f6c873d51352577e7757e683da1133
  SHA1: 8d89561cdda9fb424aa673fd4fb5b62cb0ceb468
  SHA256: 0aaed73ef2ea9ebcef3403cab1bd9b5afa9b0333366a8cff8e876aaf42df47fa
  SHA512: a1371b4c4312d3bbc77a5ff9c44a85d072140d015fe57bfe4b5b979fdd1fed28c683feddee7bc3d95df401137a6eaa8497556c77896dcd9bb3369ec82f4d895e
File 3
  Filesize: 2.7MB
  MD5: 8012b9f0209cd637974467411efdd658
  SHA1: 534b777fdaed4936b6ad08adb5233423ecfe8e91
  SHA256: 9eab8a140b37fd5896241f9b10819afdac28a411afbb682b9bd59c7d50d4d8d4
  SHA512: c65651b9b152a2d3a8c1f9b56fe6f1030d723dc2085d02c3e1b9e518f316180822d6134329e6e78e325bb5d55b66b6eb7e97f27c4ec0c5ea8a1cda292347afa0
Note: the listing gives no file names. Files 1 and 3 match the submitted sample in size (2.7MB) but their hashes differ from the sample's and from each other, so the Run/RunOnce targets cannot be tied to a specific dropped file by hash alone from this report; when hunting, match on the registry values and paths as well as on the hashes.
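The registry writes above are Boot or Logon Autostart Execution via Run/RunOnce keys (MITRE ATT&CK T1547.001), and the dropped-file hashes are the other reusable artefact in this report. The following is an added example written for this page, not code from the sandbox or from the sample: it parses the two IOC lines exactly as the report renders them, turns them into a detection over Sysmon Event ID 13 ("RegistryEvent (Value Set)", fields Image / TargetObject / Details), and adds two generic conditions a hunter would want alongside the exact match (writer running from %TEMP%, autostart target outside trusted install roots). The four Sysmon events are constructed for the demonstration; the SID, paths and value name "Parametr" come from the report, while "ExampleVendor" and its updater are hypothetical benign noise.

```python
"""Turn the report's Run/RunOnce IOCs into a detection rule and run it over
constructed Sysmon-style registry 'value set' events (Sysmon Event ID 13)."""
import re
from dataclasses import dataclass

# The two IOC lines exactly as the sandbox report renders them (the report
# doubles the backslashes inside the quoted value data).
REPORT_REGISTRY_IOCS = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB23\\bodasys.exe" 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvZD\\adobloc.exe" 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe',
]

# Key path (contains no spaces), value name, quoted data, then the writing process.
IOC_LINE_RE = re.compile(
    r'^Set value \(\w+\) (?P<key>\\REGISTRY\\\S+)\\(?P<name>[^\\\s]+) = "(?P<data>.*)" (?P<process>\S+)$'
)

@dataclass(frozen=True)
class RegistryIOC:
    key: str         # e.g. \REGISTRY\USER\<SID>\Software\...\CurrentVersion\Run
    value_name: str  # e.g. Parametr
    data: str        # unescaped, e.g. C:\SysDrvZD\adobloc.exe
    process: str     # image name of the process that set the value

def parse_ioc(line: str) -> RegistryIOC:
    m = IOC_LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised IOC line: {line!r}")
    return RegistryIOC(m["key"], m["name"], m["data"].replace("\\\\", "\\"), m["process"])

IOCS = [parse_ioc(line) for line in REPORT_REGISTRY_IOCS]

# Sysmon logs HKU\<SID>\..., the sandbox logs \REGISTRY\USER\<SID>\...; compare in one form.
def normalize_key(path: str) -> str:
    p = path.lower()
    for native, hive in (("\\registry\\user\\", "hku\\"), ("\\registry\\machine\\", "hklm\\")):
        if p.startswith(native):
            return hive + p[len(native):]
    return p

def exe_path(details: str) -> str:
    """Reduce autostart value data to the bare executable path (lower-case), dropping quotes and arguments."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return (d[1:end] if end > 0 else d[1:]).lower()
    return d.split(" ", 1)[0].lower()

RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\(run|runonce)\\[^\\]+$")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
IOC_VALUES = {(normalize_key(i.key) + "\\" + i.value_name.lower(), i.data.lower()) for i in IOCS}

def evaluate(event: dict) -> list[str]:
    """Reasons a Sysmon EID 13 event should alert; an empty list means no alert."""
    target = normalize_key(event["TargetObject"])
    if not RUN_KEY_RE.search(target):
        return []                       # only Run/RunOnce value writes are in scope
    reasons = []
    payload = exe_path(event["Details"])
    if (target, payload) in IOC_VALUES:
        reasons.append("exact match on sandbox IOC")
    if "\\appdata\\local\\temp\\" in event["Image"].lower():
        reasons.append("writer runs from %TEMP%")
    if not payload.startswith(TRUSTED_ROOTS):
        reasons.append("autostart target outside trusted roots")
    return reasons

def alerts(events: list[dict]) -> dict[int, list[str]]:
    """Map event index -> reasons, for the events that alert."""
    return {i: r for i, ev in enumerate(events) if (r := evaluate(ev))}

# SHA-256 of the submitted sample and of the three dropped files listed in the report.
KNOWN_SHA256 = {
    "7a3a725cfb1e065a5325570141799ed98405165dee987f13ef088afc71d6fa9d",
    "144e9a4b054ed6addb2325da622715565977bee1297dc6e103f6374064cd65bc",
    "0aaed73ef2ea9ebcef3403cab1bd9b5afa9b0333366a8cff8e876aaf42df47fa",
    "9eab8a140b37fd5896241f9b10819afdac28a411afbb682b9bd59c7d50d4d8d4",
}

def is_known_artifact(sha256_hex: str) -> bool:
    return sha256_hex.strip().lower() in KNOWN_SHA256

SID = "S-1-5-21-2737914667-933161113-3798636211-1000"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe"
# Constructed events: what Sysmon would plausibly log for the report's two writes,
# plus a benign installer (hypothetical "ExampleVendor") and an unrelated registry write.
SAMPLE_EVENTS = [
    {"Image": SAMPLE, "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\Parametr",
     "Details": r"C:\SysDrvZD\adobloc.exe"},
    {"Image": SAMPLE, "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr",
     "Details": r"C:\KaVB23\bodasys.exe"},
    {"Image": r"C:\Program Files\ExampleVendor\setup.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater",
     "Details": r'"C:\Program Files\ExampleVendor\updater.exe" /background'},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for idx, reasons in alerts(SAMPLE_EVENTS).items():
        print(f"event {idx}: ALERT: {'; '.join(reasons)}")
```

Only the first two constructed events alert; the installer writing a Run value for an executable under Program Files and the unrelated Explorer setting pass through. The exact-match condition catches this sample, while the two generic conditions are what keep the rule useful after the attacker rebuilds with a new directory name or hash, at the cost of the occasional legitimate user-mode installer that runs from %TEMP%, which is why the output carries the reasons rather than a bare verdict.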