Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 02:58

General

  • Target

    5922593b7c066832733de77c1e113e10_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    5922593b7c066832733de77c1e113e10

  • SHA1

    586a5eebb1408f7253c85962561282cc553ea7c7

  • SHA256

    9cea047ecffe656ce6e5a36bdfc4ebbe708950228a9b86dc1be0563d364f30f6

  • SHA512

    e046337c7e159eef5004ea7ca84e9ad24fc622b134871626513cb059f8b407403b5a0a61a43edec4ff031ef1e599958821af58a5d88947b44901f0f794699513

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB19w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5922593b7c066832733de77c1e113e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5922593b7c066832733de77c1e113e10_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\SysDrvF2\devbodec.exe
      C:\SysDrvF2\devbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2968

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVBEC\bodaloc.exe

    Filesize

    2.7MB

    MD5

    8562bafccc93bc17464e701595599f50

    SHA1

    964de02172dbca16c047d21fd17dd07d15c06b93

    SHA256

    375205af13cc087df53b56218337330b7dbf2837712849355f1c3ae9855fcbd9

    SHA512

    908c95e5bfd68821270ab25353e0ff03c89ee6211ace8720bbad6a6fbf8dd577a295897727c469cff3f8298e1785b4520c3c84ba5ed47b1eb179539717daaaa2

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    201B

    MD5

    4ee7d9e7ce09678f8eb6a1f2892c569b

    SHA1

    f1b367ba25fea0c61231002083824f624b0c49dd

    SHA256

    1a9fa52466c1c73a7049c259035e49ff0b81024bfa6a9dc79847505ccf3f7060

    SHA512

    33a13b82b94b18085652f6934095feec90ffd46b1a6cbe6c2fc9e9cb24aa4fff4df81f46b82696c39137ee48a57225c8d53dbd682bb29f89165913d821551d36

  • \SysDrvF2\devbodec.exe

    Filesize

    2.7MB

    MD5

    cd00b9c8565d832127f1593df7f10112

    SHA1

    c8db7116a2284208c51ff57270aeb6eacc3ce9b8

    SHA256

    6b8bd4bfc104a989902c7858a2236edad44b053a18d0171c01b533029e657a2d

    SHA512

    f6a3efdd7007a80a689bbf6ca25d4d87e0c7683bc43886606cf314db24224fbf153398cbe4526da567337915b15e674d5fe8997972d6858af7469bd9f3eadd5e
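The report above gives three durable indicators: two executables written to freshly created root-level directories (C:\SysDrvF2 and C:\KaVBEC), an .ini file written to the user profile, and a Run key pointing at the dropped copy. The following PowerShell hunt is an added example, not part of the sandbox report or the analysed sample. It assumes an elevated PowerShell 5.1+ session on the Windows host under review, run as a saved .ps1. The SHA256 values and paths are copied from the report; the Run value name is not reported, so persistence is matched on the value data (a path under one of the two drop directories) rather than on the name. The .ini name pattern used in step 2 is an assumption: the reported name 253086396416_6.1_Admin.ini appears to embed a numeric id, the NT version (6.1 is Windows 7) and the username, so the script matches that shape instead of the exact string.

```powershell
# Added example (not from the report): hunt a live Windows host for the
# artifacts this sandbox report lists. Assumes an elevated PS 5.1+ session.

# SHA256 values copied from the report's General and Downloads sections.
$IocSha256 = @{
    '9cea047ecffe656ce6e5a36bdfc4ebbe708950228a9b86dc1be0563d364f30f6' = 'submitted sample'
    '375205af13cc087df53b56218337330b7dbf2837712849355f1c3ae9855fcbd9' = 'C:\KaVBEC\bodaloc.exe'
    '6b8bd4bfc104a989902c7858a2236edad44b053a18d0171c01b533029e657a2d' = 'C:\SysDrvF2\devbodec.exe'
    '1a9fa52466c1c73a7049c259035e49ff0b81024bfa6a9dc79847505ccf3f7060' = '<profile>\253086396416_6.1_Admin.ini'
}
$IocPaths   = @('C:\SysDrvF2\devbodec.exe', 'C:\KaVBEC\bodaloc.exe')
$DirPattern = 'SysDrvF2|KaVBEC'     # the two drop directories shown in the report
$RunKeys    = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Location, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail })
}

# 1. Dropped executables: check presence first, then SHA256 against the report.
foreach ($p in $IocPaths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $h = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash.ToLower()
    if ($IocSha256.ContainsKey($h)) { Add-Finding 'DroppedFile' $p "SHA256 matches report: $h" }
    else { Add-Finding 'DroppedFile' $p "path present, hash differs from report: $h" }
}

# 2. The .ini under the user profile. Assumed name shape: <digits>_<nt version>_<user>.ini
Get-ChildItem -Path 'C:\Users\*\*.ini' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\d+_\d+\.\d+_[^_]+\.ini$' } |
    ForEach-Object {
        $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
        $detail = if ($IocSha256.ContainsKey($h)) { 'SHA256 matches report' }
                  else { "name pattern only ($($_.Length) bytes)" }
        Add-Finding 'ProfileIni' $_.FullName $detail
    }

# 3. Run-key persistence: any value whose data points into a drop directory.
foreach ($k in $RunKeys) {
    if (-not (Test-Path $k)) { continue }
    $item = Get-ItemProperty -Path $k
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
        if ([string]$prop.Value -match $DirPattern) {
            Add-Finding 'RunKey' "$k\$($prop.Name)" ([string]$prop.Value)
        }
    }
}

# 4. Live processes executing from a drop directory (the report shows the dropper
#    launching C:\SysDrvF2\devbodec.exe as a child process).
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -match "^[A-Za-z]:\\($DirPattern)\\" } |
    ForEach-Object { Add-Finding 'Process' "PID $($_.ProcessId)" $_.ExecutablePath }

if ($findings.Count -eq 0) {
    Write-Host 'No artifacts from this report found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
    exit 1     # non-zero so a fleet-wide runner can flag the host
}
```

Treat a hash hit as confirmation, not as the only signal: the report lists three 2.7MB binaries (the submitted sample, bodaloc.exe and devbodec.exe) with three different MD5/SHA1/SHA256 values, so the dropped copies are not byte-identical to the original and a fresh infection may carry hashes that are not on this page. The directory names, the root-level drop locations and the Run key pointing into them are the checks that survive that variation.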