Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-06-2024 08:05
Behavioral task: behavioral1
Sample: 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Resource: win7-20240611-en
6 signatures
150 seconds
General
Target: 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Size: 1.6MB
MD5: 2a2dcd8f38f118d4d1991aca81bfbf90
SHA1: 40013c1f7b24747b2f94dc7e4ea13852cb1268f3
SHA256: 5cc5e921776219318de4b63bdca08467dcdebe9730d17c91db781cfe05b935a3
SHA512: c87d489860d73ab18d53c0094b9eed4427c1eaa9fea2eabce583e13a14b5977bf67427f3dab90fc2f8856ca375a82c8831ea755c8f9f535f8bde92cc01d2e080
SSDEEP: 24576:vCaehx36QZvHdPnLxRYUVlqcH9TDR3GmoKeBSwyS3GS8jgNGeu8oS9YJzYF7kMVk:ar36QVBLLnPj35GLMC2jgNGZ8+JzC
Malware Config
Signatures
- XMRig Miner payload (14 IoCs)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes (description / pid / process):
  Token: SeLockMemoryPrivilege / 4184 / 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
  Token: SeLockMemoryPrivilege / 4184 / 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes (pid / process):
  4184 / 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe" (PID 4184)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow