Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 11:28

General

  • Target

    333c162ad695fb918bd3aae018fae0d0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    333c162ad695fb918bd3aae018fae0d0

  • SHA1

    820251d7d47370a623e5c0e1b8f0e3b130449692

  • SHA256

    e06f0b3475cf372ae4ca2b4fc52a3b0a25ac32217e3fb44131bba88faf5bab22

  • SHA512

    cf18da3401aad5811dce2f68a5f499ae3c5a4ce3615daa4b9e81ddf4251825a7ecc9c70bc2d8fc839f81db068316011113cd1fd96c10fa2eb2896ac9c512e427

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4Sx:+R0pI/IQlUoMPdmpSpe4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\333c162ad695fb918bd3aae018fae0d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\333c162ad695fb918bd3aae018fae0d0_NeikiAnalytics.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\SysDrvZV\abodsys.exe
      C:\SysDrvZV\abodsys.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBWE\dobaec.exe
    Filesize: 2.7MB
    MD5: 63bab2a3c7e25f2c9674fcb565918f94
    SHA1: 33aaa5ef7a0d2233a1ebc23c439fbeb390ee6d8f
    SHA256: 47c228f58f54921aa831b490f9a985a3f910768e51fe9f3dfcac8f467f95f9de
    SHA512: 647f142fef4458dfbda9880e5b130f131d586026ef6eccda01e59cc5ca69b668d0762a54d035c382ac3460baed9f01ae6c6df1dcd2f71f1aef593a2ada743431

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 201B
    MD5: 428b50e02bab583797ed9ff924579807
    SHA1: 35eacf2b1cee25f42869cd7dec01194f3a5fd566
    SHA256: de118ca96fe9a295e43f7bff2a03940446d223ca277fd8890f27d561595a49a5
    SHA512: bc303de23513e3c68d763ed11b176c32a2bd508aeda1e3e4e767f2dffe19e66d7b5676c40058f880545a887e4bcdf86011804a5cb1574a0abc48c9571110b286

  • \SysDrvZV\abodsys.exe
    Filesize: 2.7MB
    MD5: 57e9ebbc849473f10b5c0bfae65d4ff1
    SHA1: ce0db473a4a2ba3d3cfde2cc7d97a435e34fe798
    SHA256: d14de5ea073acad60f2f6bb89d334a914f9a1b03856cf0c518a1e9aa993f0ec4
    SHA512: 887afdf1889c1b6e450bce7faa8213d0fe05423a099b030894e7ff474daba857626abc1541320af7818161f8227430fc28e6cdd27827ddd885d75c21563f9757