Overview
overview
8Static
static
33641695f09...cs.exe
windows7-x64
73641695f09...cs.exe
windows10-2004-x64
8Uninstall.exe
windows7-x64
3Uninstall.exe
windows10-2004-x64
3js/errorHandler.js
windows7-x64
3js/errorHandler.js
windows10-2004-x64
3js/localization.js
windows7-x64
3js/localization.js
windows10-2004-x64
3js/main.js
windows7-x64
3js/main.js
windows10-2004-x64
3js/metrika.js
windows7-x64
3js/metrika.js
windows10-2004-x64
3js/polyfills.js
windows7-x64
3js/polyfills.js
windows10-2004-x64
3js/statistics.js
windows7-x64
3js/statistics.js
windows10-2004-x64
3main.html
windows7-x64
1main.html
windows10-2004-x64
1run.hta
windows7-x64
1run.hta
windows10-2004-x64
8settings.hta
windows7-x64
8settings.hta
windows10-2004-x64
1settings.html
windows7-x64
1settings.html
windows10-2004-x64
1start.cmd
windows7-x64
1start.cmd
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
11/06/2024, 13:24
Static task
static1
Behavioral task
behavioral1
Sample
3641695f094ca0c1682dd132e5883810_NeikiAnalytics.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral2
Sample
3641695f094ca0c1682dd132e5883810_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Uninstall.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
Uninstall.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
js/errorHandler.js
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral6
Sample
js/errorHandler.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
js/localization.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
js/localization.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
js/main.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
js/main.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
js/metrika.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
js/metrika.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
js/polyfills.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral14
Sample
js/polyfills.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
js/statistics.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
js/statistics.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
main.html
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
main.html
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
run.hta
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
run.hta
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
settings.hta
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral22
Sample
settings.hta
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
settings.html
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral24
Sample
settings.html
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
start.cmd
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
start.cmd
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
settings.hta
-
Size
2KB
-
MD5
5fcbafe4e2e1f2e0ef7fd24bda8ba026
-
SHA1
14592d16442f0d941deb76b4283e47b2e883a029
-
SHA256
b4c138e5796bc6035b4ac818aa5eb691176d7e4397e101ea1c1f9d2a1ff1d683
-
SHA512
e380a7b203a62533d65b3550fc60ec61ba52c85cc49ad49d82bc6905c37d1406e1ab9621e2c3c0378ab168f434588592c66aa90fc8048ea0b5d8cf9304a0feae
Malware Config
Signatures
-
Blocklisted process makes network request 13 IoCs
flow pid Process 4 1508 mshta.exe 6 1508 mshta.exe 9 1508 mshta.exe 11 1508 mshta.exe 13 1508 mshta.exe 15 1508 mshta.exe 16 1508 mshta.exe 18 1508 mshta.exe 19 1508 mshta.exe 22 1508 mshta.exe 23 1508 mshta.exe 26 1508 mshta.exe 27 1508 mshta.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main mshta.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 mshta.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e mshta.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e mshta.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b