Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 02:56

General

  • Target: 58f5f0ad4c8c4e2d8f1ebe9b836c31f0_NeikiAnalytics.exe
  • Size: 2.7MB
  • MD5: 58f5f0ad4c8c4e2d8f1ebe9b836c31f0
  • SHA1: a819a96f3c0408087dd78799632a8acd35e19760
  • SHA256: dca3e14dc36c52543ba8ec0688af601be49cca0b2abb950c42f0d4ab9441c737
  • SHA512: d69866ef921d277a0a824799a9888ec51c62c24480221289f6bf5c075307ac864af381d8382b70bfb7c579bd0d762ea36d3d6c8815cd89042f32b3d80a4fafa3
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSpI4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58f5f0ad4c8c4e2d8f1ebe9b836c31f0_NeikiAnalytics.exe (PID 1712)
    Command line: "C:\Users\Admin\AppData\Local\Temp\58f5f0ad4c8c4e2d8f1ebe9b836c31f0_NeikiAnalytics.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\Adobe7M\devdobloc.exe (PID 1032, child of PID 1712)
      Command line: C:\Adobe7M\devdobloc.exe
      • Executes dropped EXE
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 203B
    MD5: e4040ed3dd04eb7906ffa45ba4c5b1cc
    SHA1: 00e2bae589a1c497779fed483b6e3f9d1fb9d595
    SHA256: 29d90ae9a1ae8c7cd74a94cd4cdd9921723f1d50ced62c9c3a2dd19d5166389f
    SHA512: 7d07c4b1f0df9a744edb1bd8c0126904f92e03cce73b7f85ea4af2fd842d5ae27e09c02bdcd95c76579a6d68e246c6fb241e7739bd547b9e446b4aeb3b82b84b

  • C:\Vid9U\boddevsys.exe
    Filesize: 2.7MB
    MD5: dd318b0ec4795dfaf705f5d8537357e9
    SHA1: f800ec69e32c0ccd7f8c0157357efed34a83df00
    SHA256: 7ae6c9a95e6f217c6ddc148a1394cc108f669db413fa1699e7e0a747d83cbb87
    SHA512: 18b37c1c8fbd6181d2d52662ce273985273bffbab8df9a0960449c4e44d9d21c4b848d7c7277f13945eb2f86ce85a8f1c3dc786a3ccf4b6fe69ba51815d2a28e

  • \Adobe7M\devdobloc.exe
    Filesize: 2.7MB
    MD5: c9f1bdc0ef47e8cc63108a9c647078f6
    SHA1: b4e81d021d925ed450d66639b2c1d0644588dde4
    SHA256: d6199bcc85c7b66f65917a61b7e9f254d36c7767c3ed55162484ea2cd6c5bbaa
    SHA512: c4a679fe84ffb20313111cf03ce7f530ad32149a4cfc7af66eb2b84d33ead137e4d38f89d7ddf5f559773ac89d4c2818d08ffc0ae312f9c42b6f17430b6788e8