e0e47133a6f81ea5192420451e032d11a75255f07b20582b9ddd99cc87380cf0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 05:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
Size

2.7MB
MD5

22c9b17cbf3b42b5d06589a167774ca0
SHA1

cc25bae24d845d021076c355a32614bae6837a8d
SHA256

e0e47133a6f81ea5192420451e032d11a75255f07b20582b9ddd99cc87380cf0
SHA512

907b8fb021e794dca73b640ffbac09905e289869e8d250f5d59adcffb753811e3bcb1c7551d2d940066d1fa05cceee6fb5dda65e176c6e77415c238554e220a5
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSp04

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4168	aoptiec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrv3K\\aoptiec.exe"	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBGF\\dobxec.exe"	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
4168	aoptiec.exe
4168	aoptiec.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 4168	2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe	87
PID 2008 wrote to memory of 4168	2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe	87
PID 2008 wrote to memory of 4168	2008	22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe	87

C:\Users\Admin\AppData\Local\Temp\22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\22c9b17cbf3b42b5d06589a167774ca0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2008
- C:\SysDrv3K\aoptiec.exe
  C:\SysDrv3K\aoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\KaVBGF\dobxec.exe

Filesize
17KB

MD5
0c9f693724040eb946cf0570b4191a45

SHA1
c07f48eefda7d2d604318426889183d47f0b24e9

SHA256
8f559e4764a709d13201f431027e0515f77103ce5840d1050ff07d60cf893cac

SHA512
b8baa3976a43fe4cb2ced6e52c4accf2ddc1cfae29ea7d4a58bd94e10cf0b8d23c8a9e8ae140c9a76695c50babe7164433b9a39dc1e766e0dab5fcabc2f9fc43

Download Submit
C:\SysDrv3K\aoptiec.exe

Filesize
2.7MB

MD5
4b9dafc84948fac850cff3679cf5910f

SHA1
561843001a6fafe13ec456b89a69a2b1468a6905

SHA256
1df4813aac15a3ef099b3a7af3dddefe66570589e935a449c48af9f650dafeed

SHA512
a54c5cb5c43a649814f1a9ae06ec1d20186021d86bd8a352dd9b4738341b163b85f36cef75cbb835b8557c3480533aac627e4c95c7ee67ce720d34d1999bf30d

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
203B

MD5
e24290441ab30022da3915df8da941d0

SHA1
f42c6ea0a6543d41f95a8d695698418f11f85857

SHA256
8109ce821154396d060f2969bb2d5422bedd599a10a32f06184348b1df086f31

SHA512
d45c22f9adc78e216cb4985ba7cf5967f4ee43737dd17f527cbeed2dd3b5ecb5ff7be6b69c591ce22f14e42c0f73b74e096b060797da82e44f8c0403f04c54cc

Download Submit