Analysis

  • max time kernel: 150s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 13-06-2024 06:18

General

  • Target: 6503b76ced2c5818dfafd0e78910add0_NeikiAnalytics.exe
  • Size: 4.1MB
  • MD5: 6503b76ced2c5818dfafd0e78910add0
  • SHA1: 66890e805fac40ea1b4d668f41d5c1f09e1f84d1
  • SHA256: 8a42901d4599b31b0d7bf8c7eb9be802fa44c326e4272fbef9e2f324c4b2f94f
  • SHA512: 9dcf618886d26ff8cc5a234b7256a27ad436630b274e96b182ad85f7d68f34fdb4e1bcfc9dcd913d24f33ed01c3d0be62e6ae46b591d9c1b24b7925fe69e7798
  • SSDEEP: 98304:+R0pI/IQlUoMPdmpSp54ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmm5n9klRKN41v

Score: 7/10

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6503b76ced2c5818dfafd0e78910add0_NeikiAnalytics.exe (PID 2912)
    Command line: "C:\Users\Admin\AppData\Local\Temp\6503b76ced2c5818dfafd0e78910add0_NeikiAnalytics.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\SysDrvI2\xoptiloc.exe (PID 3000, child of 2912)
      Command line: C:\SysDrvI2\xoptiloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 201B
    MD5: 5bd682623dbf12f1b12e24fd9368ad30
    SHA1: c0a809c4bf7eef2570f8b7e4ef3c371e4e68bbf6
    SHA256: d4afdb71210a26aa1b39219bccb3c3c938013b94fe0628066a3271e67cf136ac
    SHA512: 9fb43b479f1f8dc38e425739c8789ba724e27fe857ee27a151a9ef184ace2599d2e12dddb92aee60707503f949326b3d8ca97959bff09d08c637e4dc676bda7c

  • C:\VidJ6\bodxloc.exe
    Filesize: 115KB
    MD5: 1b984ee2c3d927d86a22b995692b5a00
    SHA1: 33605b020f501f87a51a3fa7ed7cc6c55872d05a
    SHA256: ffb61654f91dbfb6f3ebe637261c94e13fac1ff8ba1e23819ac71a81d4233a70
    SHA512: 56282df60792fa3ada2dd11330deae26d055af11fde8cc6d32fa9d1f4e4b47ac4b4a1ba520b80a2c7852e8a2fefbf331d24b3564f02dcd51ea7bd4fb22568118

  • \SysDrvI2\xoptiloc.exe
    Filesize: 4.1MB
    MD5: 3bbea5474146f1443b5806f3f95fd43b
    SHA1: 9087def4de706c9ffc78aa1accae5ed697fb8cc2
    SHA256: 96db98ea165565ee44ffc01d61b4fc8acf2b05bb902df31a241942bd28e134ca
    SHA512: ffaef28fe2e85dccc771e2641e2c71908bd689c63f2780d7772b63181e463e8d53424cc33950b9de6388af569aec4e1e67dd978caabb98a5e124890e9f52326d