Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13-06-2024 02:46

General

  • Target

    5840c1688f54eb98308d33aba1e3b0f0_NeikiAnalytics.exe

  • Size

    368KB

  • MD5

    5840c1688f54eb98308d33aba1e3b0f0

  • SHA1

    16fb59a97f3a703055a8e82b39af8573e82fdaa3

  • SHA256

    057db4e22fafc7beb6b3a32b36c726edf94a23c774aefaf25d09866332b34f40

  • SHA512

    0189b21277fd3fbebf134cdcccc4811e866f090378240e303e2388d9a47f111b6eb07c0ab197df695b17cba66f0b86fe7154467ff196f4f862b7d4e5bb50b1f9

  • SSDEEP

    6144:Gk3v2BsHkq8xJYd1BeJuESHr4YWzOMlql49e1/lcduanJntih/FlVjf5PfbZjo/E:nv2BsHkq8xJYdlEC4YWzZvRMUqD

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 54 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5840c1688f54eb98308d33aba1e3b0f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5840c1688f54eb98308d33aba1e3b0f0_NeikiAnalytics.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Users\Admin\zeeowud.exe
      "C:\Users\Admin\zeeowud.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\zeeowud.exe

    Filesize

    368KB

    MD5

    92985c61d13ad4b3eaec75896a09be81

    SHA1

    4729d43978e8129be54efd9a7294a8c149c663a2

    SHA256

    4cfa308222c0a054f0b648e9072db05c6a560c4d51c2da7b3a7a76606697f876

    SHA512

    325c9e8f045dde881f2e5648002ad1e723bc2b9aef593a1be6f7eddc3bdbad249f1111c5000c7093be4cf3fd11fd63711268e7da71cf8bbbe1694805b0e45c97