Analysis

  • max time kernel: 149s
  • max time network: 51s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 11/06/2024, 11:28

General

  • Target: 333c162ad695fb918bd3aae018fae0d0_NeikiAnalytics.exe
  • Size: 2.7MB
  • MD5: 333c162ad695fb918bd3aae018fae0d0
  • SHA1: 820251d7d47370a623e5c0e1b8f0e3b130449692
  • SHA256: e06f0b3475cf372ae4ca2b4fc52a3b0a25ac32217e3fb44131bba88faf5bab22
  • SHA512: cf18da3401aad5811dce2f68a5f499ae3c5a4ce3615daa4b9e81ddf4251825a7ecc9c70bc2d8fc839f81db068316011113cd1fd96c10fa2eb2896ac9c512e427
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4Sx:+R0pI/IQlUoMPdmpSpe4

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\333c162ad695fb918bd3aae018fae0d0_NeikiAnalytics.exe (PID 344)
    Command line: "C:\Users\Admin\AppData\Local\Temp\333c162ad695fb918bd3aae018fae0d0_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • Child process: C:\UserDotGH\devdobloc.exe (PID 1940)
      Command line: C:\UserDotGH\devdobloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintRO\dobaec.exe
    Filesize: 14KB
    MD5: 3ed08d693b317babf4a1816702acfdd0
    SHA1: d80195aa289cbaee52acfecc4c9eab29ed3dea31
    SHA256: d0ea3eb204fb4518d62ad6821690e91864d8535063915b32b4f876dfab3f033d
    SHA512: 6b81b52697973732bcefc930bb4e604d120c91e6a0f92526d1f1eb909f36eb6a6023b5ce53e71cebc787fc25242075bde5b6a1820662484647b1a87ec1572e99

  • C:\UserDotGH\devdobloc.exe
    Filesize: 2.7MB
    MD5: 6425136f453df6b11cdf8384a8bc6e52
    SHA1: f305278b1ffa048c208c2e820bd34b659c56535e
    SHA256: 4c5704aa5e5fd2d871fbc8d57647fe0f9b57beb615fec3e520b96003f239e89e
    SHA512: 06156124b21e7761cffae858c9c9d4cac8ede3e4dc8e8b19ce0dd4b31ba2f03bfbc8629888fd027343c8150ab91889cf7eceeeb384917ebc3e5fb85da6e9fb23

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 204B
    MD5: ab490b7f5e846aacbf9d16515bfc7233
    SHA1: 8d2e8da5f6ef826194aa1774557cd8a66e263dc1
    SHA256: 4f42434817a5063c12a0814a22583f59170dbb1807140b0630843631e5d9c244
    SHA512: 413d0c9195a82aeb37e8fb0aaea239d08442aa3a8e5ab2053ba436d0a42356201b06187cc993ff1ea83e35d29423a3520c5eaa5c579758b62831ce908e5738b2