Analysis
max time kernel: 150s
max time network: 149s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 12-06-2024 08:05
Behavioral task: behavioral1
Sample: 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Resource: win7-20240611-en
6 signatures, 150 seconds
General
Target: 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Size: 1.6MB
MD5: 2a2dcd8f38f118d4d1991aca81bfbf90
SHA1: 40013c1f7b24747b2f94dc7e4ea13852cb1268f3
SHA256: 5cc5e921776219318de4b63bdca08467dcdebe9730d17c91db781cfe05b935a3
SHA512: c87d489860d73ab18d53c0094b9eed4427c1eaa9fea2eabce583e13a14b5977bf67427f3dab90fc2f8856ca375a82c8831ea755c8f9f535f8bde92cc01d2e080
SSDEEP: 24576:vCaehx36QZvHdPnLxRYUVlqcH9TDR3GmoKeBSwyS3GS8jgNGeu8oS9YJzYF7kMVk:ar36QVBLLnPj35GLMC2jgNGZ8+JzC
Malware Config
Signatures
XMRig Miner payload 14 IoCs
Processes:
resource                                                                     yara_rule
behavioral1/memory/2452-4-0x000000013F3C0000-0x000000013FB05000-memory.dmp   xmrig
behavioral1/memory/2452-5-0x000000013F3C0000-0x000000013FB05000-memory.dmp   xmrig
behavioral1/memory/2452-8-0x000000013F3C0000-0x000000013FB05000-memory.dmp   xmrig
behavioral1/memory/2452-9-0x000000013F3C0000-0x000000013FB05000-memory.dmp   xmrig
behavioral1/memory/2452-10-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-11-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-12-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-13-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-14-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-15-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-16-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-17-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-18-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
behavioral1/memory/2452-19-0x000000013F3C0000-0x000000013FB05000-memory.dmp  xmrig
Processes:
resource                                                                     yara_rule
behavioral1/memory/2452-0-0x000000013F3C0000-0x000000013FB05000-memory.dmp   upx
behavioral1/memory/2452-4-0x000000013F3C0000-0x000000013FB05000-memory.dmp   upx
behavioral1/memory/2452-5-0x000000013F3C0000-0x000000013FB05000-memory.dmp   upx
behavioral1/memory/2452-8-0x000000013F3C0000-0x000000013FB05000-memory.dmp   upx
behavioral1/memory/2452-9-0x000000013F3C0000-0x000000013FB05000-memory.dmp   upx
behavioral1/memory/2452-10-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-11-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-12-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-13-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-14-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-15-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-16-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-17-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-18-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
behavioral1/memory/2452-19-0x000000013F3C0000-0x000000013FB05000-memory.dmp  upx
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
pid   process
2452  2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
description                   pid   process
Token: SeLockMemoryPrivilege  2452  2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege  2452  2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid   process
2452  2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID: 2452