Analysis

  • max time kernel: 149s
  • max time network: 94s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 13/06/2024, 02:58

General

  • Target: 5922593b7c066832733de77c1e113e10_NeikiAnalytics.exe
  • Size: 2.7MB
  • MD5: 5922593b7c066832733de77c1e113e10
  • SHA1: 586a5eebb1408f7253c85962561282cc553ea7c7
  • SHA256: 9cea047ecffe656ce6e5a36bdfc4ebbe708950228a9b86dc1be0563d364f30f6
  • SHA512: e046337c7e159eef5004ea7ca84e9ad24fc622b134871626513cb059f8b407403b5a0a61a43edec4ff031ef1e599958821af58a5d88947b44901f0f794699513
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB19w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5922593b7c066832733de77c1e113e10_NeikiAnalytics.exe (PID 700)
    Command line: "C:\Users\Admin\AppData\Local\Temp\5922593b7c066832733de77c1e113e10_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\SysDrvOY\devoptiloc.exe (PID 4028, child process)
      Command line: C:\SysDrvOY\devoptiloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxGD\dobaloc.exe
    Filesize: 2.7MB
    MD5: ed5de57abf08977d4886831d24687bdd
    SHA1: 94332cf44091599c52ec3565975bcf3f2589e9eb
    SHA256: d4ac81a8d108f1733cc3a5cad130e9b5cbee5e4af3af300b26e0ed8ccc0cb978
    SHA512: df1e750cda2ff8280ebe090bded55d093db15fecbb11970cb404e7c3394a1bffc4981ee07cd1e9f76ff5a25b5fd78342f268b864c618175016b262e6a67427bd

  • C:\SysDrvOY\devoptiloc.exe
    Filesize: 2.7MB
    MD5: afd03e6294fd46adeaddd7e529eac8ed
    SHA1: 60a321cfa8fae4821a12225a515f49b7c5bf0199
    SHA256: 30cef1b66e63ea524beeb9d4a6c78f93d1eb34c10f81c5979590b5c695f1ed32
    SHA512: 2f57fb7e402b4b02f05dfbf3cf97730031cad0104dc6a3695dfb6bc259ca6e515fa1bb830b806c0f131079c4b30b8e961324ab279897b6fb655b2370857f304c

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 204B
    MD5: b8d9a40e0bd1f624b4f22521170095ba
    SHA1: 65789bf4e16618a5b59c4c8317eb63f2ad796757
    SHA256: d6d685f3d6afdfe135b692440031b2eceb8ad9e373f0300b0690cdb000b85cdb
    SHA512: a5c6aaf80b886d8e84d6553679951351ddf8fe59ca4f32cd60a27bd9e192e611bb8a16cb6a53a05a4aafd1a927fd161bcac045723f7a36c22e91b9016931d896