Analysis
max time kernel: 149s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/06/2024, 09:37
Static task: static1
Behavioral task: behavioral1
  Sample: 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
Target: 3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
Size: 2.7MB
MD5: 3051fc1b6df514e84525d98029fb7200
SHA1: 45d985399c9992e95fb5609172bb43722c59e9d7
SHA256: 7a3a725cfb1e065a5325570141799ed98405165dee987f13ef088afc71d6fa9d
SHA512: abf55de3c41cdf57c5e0a7657b49d68cc80c0e2ec5a8d66844325272999802064c3403abf03d9875e22272430a2d8419c6eb37a22a0936039ab2bf27a47b8106
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSpA4
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  4528  adobloc.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
  description      ioc                                                                                                                                Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Files2E\\adobloc.exe"      3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintAQ\\optiaec.exe"  3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  400   3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
  4528  adobloc.exe
  (the report lists these two processes repeatedly, alternating, across all 64 entries)

Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid  Process                                              procid_target
  PID 400 wrote to memory of 4528  400  3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe  81
  (the same entry is listed three times)
Processes
C:\Users\Admin\AppData\Local\Temp\3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\3051fc1b6df514e84525d98029fb7200_NeikiAnalytics.exe"
  PID: 400
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  C:\Files2E\adobloc.exe (child of PID 400)
    command line: C:\Files2E\adobloc.exe
    PID: 4528
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 2.7MB
MD5: 1c3bf2f0300ac85a570f9d515d6c3c64
SHA1: af0eab0efe02293ec78b5a34f1bbd0854604414c
SHA256: a8a12e6484266f166c1b5bf04fb0e7a7b1d8858b958a89ee409f1e30c47c0686
SHA512: 9fab2638171024a0e75f45bd7e4be40ff2c07d3fbeb073f1ebb33417effcf721b103907d7a0bdc63eddfc8f127892593f61577a4170754a995d09d706ea76955

Filesize: 2.7MB
MD5: 3d7d2512b15631e2d354d7b0a0b6e77f
SHA1: 52571fceb5c99db257a17a1530e71b86001d8a9c
SHA256: 73c3a19a6e4a438d18451d9f941170a68f3d5627d1213bbbc9e40cb405aec677
SHA512: b018fb01657248a309d21b49e59f04561de21ce8b6198d70c29a2fae142eb26da0d85ec3a298d900ec420fdda2575cd2f769ba29812d517c0614983db87311d1

Filesize: 199B
MD5: 815a319edff5c4447465eee118613e95
SHA1: 42c1d0f461598d5afc50b4c67b9f5f209e5aed06
SHA256: 3cf6e53a65ccb3d6b1de5670c73749dd9f09e4599d0224e750a696d9f9e2a56e
SHA512: b56e86a707378d011c62d97d2b2c854ed2a0de579d28f1e143e275094cf7a1bb0e4a0bc5cd130c5f620fa28240d62d5ae2cb43c7c06a8f353b82d2d4ad95ae58