58d8cbe5afd2383384458fe78138091dd24fd8207441a2ad7c08ddde9d06f1bd

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
Size

4.1MB
MD5

4c4ee091c3fbfab85d1a136d93db9550
SHA1

4b9f427220a352a9066e4354a8e7aabc31a4b480
SHA256

58d8cbe5afd2383384458fe78138091dd24fd8207441a2ad7c08ddde9d06f1bd
SHA512

f573e2152c3d1d2e11817ac8bbd42a37b7da86f442b41d7f4e3e110a84c394c6f9a9f2dd50794aeb61d79b15a7b56b463c64dea99b77b04ed90dc89089466a88
SSDEEP

98304:+R0pI/IQlUoMPdmpSp94ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdme5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2792	xoptiec.exe

Loads dropped DLL 1 IoCs

pid	Process
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Adobe0S\\xoptiec.exe"	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintP0\\dobaloc.exe"	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
2792	xoptiec.exe
2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2792	2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe	28
PID 2972 wrote to memory of 2792	2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe	28
PID 2972 wrote to memory of 2792	2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe	28
PID 2972 wrote to memory of 2792	2972	4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c4ee091c3fbfab85d1a136d93db9550_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Adobe0S\xoptiec.exe
  C:\Adobe0S\xoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MintP0\dobaloc.exe

Filesize
4.1MB

MD5
78d0a9953753a1a84e2d89733ea71578

SHA1
7b28fe42f920a6cc0ff8852e4fa4b0b0a484f648

SHA256
1efe7b30bd24f961668f3637bc610f435ed09ea791a7ba25947d116bfa16540e

SHA512
2ceb429afb4b268d95053ee2ef53d66a9667732771b06d9d4b356d2043e4653e0147f652b984e2bc1e56d1435483e668e3cdfe5a02e3133fa4f19361b71c4834

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
200B

MD5
2b0036aee011518c02489de29d305117

SHA1
b7655e08271db16b0178cea161bf2e7954935a0e

SHA256
84128ecf23b6ebc3ccb955a6aaef474293a42d2e4a0cf136d523a2fc5ba3c6ef

SHA512
6fdbe8411072d96f333b80412e05a68b4d84eafd022fc73fd811eefb8eef65acee61a2dff0777dab4213eeee63e0240de7d069f90fb55b26246fdd4a291ee921

Download Submit
\Adobe0S\xoptiec.exe

Filesize
4.1MB

MD5
4c55f408e1e8f8f481b3f774dbafe1ad

SHA1
64d0e7927af4f4bc4b922995fcaaff32750b2f2e

SHA256
58f1b5c3bb8d254d10bcbafd7669d43e2a588f64786f89e1533b076076e616b1

SHA512
88f8d9a6b0a8e9c40243187385e433dd5085ec18a20a743fbf362e9d320cb05e4d018b002a9bba063d03f8d65aeeeeec1d5a0ad0cdce173a9ef9fa7c6498732f

Download Submit