Analysis

  • max time kernel
    149s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 02:56

General

  • Target

    58f5f0ad4c8c4e2d8f1ebe9b836c31f0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    58f5f0ad4c8c4e2d8f1ebe9b836c31f0

  • SHA1

    a819a96f3c0408087dd78799632a8acd35e19760

  • SHA256

    dca3e14dc36c52543ba8ec0688af601be49cca0b2abb950c42f0d4ab9441c737

  • SHA512

    d69866ef921d277a0a824799a9888ec51c62c24480221289f6bf5c075307ac864af381d8382b70bfb7c579bd0d762ea36d3d6c8815cd89042f32b3d80a4fafa3

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSpI4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • NTFS ADS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\58f5f0ad4c8c4e2d8f1ebe9b836c31f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\58f5f0ad4c8c4e2d8f1ebe9b836c31f0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:540
    • C:\FilesCE\devbodsys.exe
      C:\FilesCE\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:4176
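
The process tree above shows the submitted sample (PID 540) writing an NTFS alternate data stream, adding a Run key, and launching the dropped C:\FilesCE\devbodsys.exe (PID 4176); the Downloads section also lists C:\GalaxBB\bodasys.exe, which is dropped but is not seen executing in this run. The following host-triage script is an added example and is not part of the sandbox report: it checks a Windows host for the three dropped files by SHA256, lists any non-default NTFS streams on them (the "NTFS ADS" signature), and searches the standard Run keys for entries pointing at the dropped directories. The report does not name the Run value, so matching on the directory names FilesCE and GalaxBB is an assumption; the .ini path contains the sandbox user "Admin" and must be adjusted for the profile on the host you examine.

```powershell
# Added triage helper, not code from the sandbox report. Run in an elevated
# PowerShell session on the suspect host. Hashes and paths are copied from
# the report's Downloads section; the Run-key value name is not given there,
# so the registry check matches on the dropped directory names (assumption).

$Iocs = @{
    'C:\FilesCE\devbodsys.exe'                   = '7ce83591c51c75aeaa21e2a5c86cb032e7fa82224d8f0aaf6e278400b0bdfa29'
    'C:\GalaxBB\bodasys.exe'                     = '8860ed2feddfdf3ae97390c0a225235657a3295c63cff3dee3a0ea71ca08a9c3'
    # Sandbox user was "Admin"; substitute the local profile name when hunting.
    'C:\Users\Admin\253086396416_10.0_Admin.ini' = 'af3ce4a55a12fcc091d49047f3c54bb694ff4bac84a624385d983fa438b8e286'
}

# Standard per-user and machine-wide Run keys (plus the WOW6432Node view on x64).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Test-DroppedFiles {
    foreach ($path in $Iocs.Keys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Get-FileHash returns uppercase hex; normalise before comparing.
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        $status = if ($hash -eq $Iocs[$path]) { 'MATCH' } else { 'present, hash differs' }
        [pscustomobject]@{ Indicator = $path; Status = $status; SHA256 = $hash }

        # "NTFS ADS" signature: enumerate every stream on the file except the
        # default unnamed $DATA stream and report each one found.
        Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Indicator = $path
                    Status    = "ADS $($_.Stream) ($($_.Length) bytes)"
                    SHA256    = ''
                }
            }
    }
}

function Test-RunKeys {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/PSChildName/PSDrive/PSProvider noise.
            if ($p.Name -like 'PS*') { continue }
            if ($p.Value -is [string] -and $p.Value -match 'FilesCE|GalaxBB') {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

Test-DroppedFiles | Format-Table -AutoSize
Test-RunKeys      | Format-Table -AutoSize
```

A file that is present but whose hash differs still deserves a look: the three dropped binaries in this report are all 2.7MB with distinct hashes, so a rebuilt or re-packed drop would land on the same path with a new hash. Any stream other than :$DATA on one of these files, or a Run entry naming C:\FilesCE or C:\GalaxBB, is a direct hit on the behaviour the signatures describe.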

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesCE\devbodsys.exe

    Filesize

    2.7MB

    MD5

    bf1b4752c0caa7b0ae36866abe162517

    SHA1

    f95605fc7078834e8960ecfa22d55a32818925b4

    SHA256

    7ce83591c51c75aeaa21e2a5c86cb032e7fa82224d8f0aaf6e278400b0bdfa29

    SHA512

    e9211752d094cf4f32c42d9b5e6fa6eab384cdf1471acd03a48814142a9d8e540e7d8fe522b9d4a18368bbcdd470dd1601c23463d2ede98f3275b2a1f048118e

  • C:\GalaxBB\bodasys.exe

    Filesize

    2.7MB

    MD5

    afcc51ad6ff86eb8d811254662084d20

    SHA1

    ea9ff02c6905c5aca91201160ce0e236c23fe7c0

    SHA256

    8860ed2feddfdf3ae97390c0a225235657a3295c63cff3dee3a0ea71ca08a9c3

    SHA512

    c07b1298fda9ad04bd8dda58f6e075a7a08450b10cf7d5d1bb00ed64ef982c3ca07a9771c672e18cb5ee18821893abc5d1c14b58222101f17546a9a0cadf31db

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    183d7635e54b2213748ab2315ce144f5

    SHA1

    b35bc9748d4aaa5a1929fccbbdd56b9fb8760db8

    SHA256

    af3ce4a55a12fcc091d49047f3c54bb694ff4bac84a624385d983fa438b8e286

    SHA512

    0cb1d2dd3a30d22178e64bf7f0f56adcc3a862b1ac9c81f8ba5d438581ea68371834fab930217ad4d5b2578a00ee2dfd4ebb18aa57a17d04004d91c58afee189