Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 06:18

General

  • Target

    6503b76ced2c5818dfafd0e78910add0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    6503b76ced2c5818dfafd0e78910add0

  • SHA1

    66890e805fac40ea1b4d668f41d5c1f09e1f84d1

  • SHA256

    8a42901d4599b31b0d7bf8c7eb9be802fa44c326e4272fbef9e2f324c4b2f94f

  • SHA512

    9dcf618886d26ff8cc5a234b7256a27ad436630b274e96b182ad85f7d68f34fdb4e1bcfc9dcd913d24f33ed01c3d0be62e6ae46b591d9c1b24b7925fe69e7798

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp54ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmm5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6503b76ced2c5818dfafd0e78910add0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6503b76ced2c5818dfafd0e78910add0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3692
    • C:\UserDotT1\xbodloc.exe
      C:\UserDotT1\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2940

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxT7\optialoc.exe

    Filesize

    831KB

    MD5

    f154b7394805b7d8634e344b52f902df

    SHA1

    bc4ff289e55a2ca865a8ddad7700c557a23c5e27

    SHA256

    0141dbdb593d7729a8123e242ee5a031b9af386a2b3eab0724b93e9ed753e719

    SHA512

    734a9ca78dcb702fe65c97634621ffa66df96a831ee9faafd422bd8e48b058f02364035250c90262a14ce033c1664d933a5f156535f57932619c752b8e579952

  • C:\GalaxT7\optialoc.exe

    Filesize

    4.1MB

    MD5

    8be19da987f9c686dd25335d31a5ec3a

    SHA1

    498d05ad243e7f558a00de1cf99d801396efc237

    SHA256

    377d52a13f3bfdaf2216578c7350dab133620e7d8a6ab387e77ae65954e1a524

    SHA512

    669be468e9226faa60d0573a8f19b808e73e0d1f926625f3b7d8e83b0b99dce6b9f6a22829e7c6d7c1478e66a8853693e921dade0b38c4650e61f52fef66122e

  • C:\UserDotT1\xbodloc.exe

    Filesize

    4.1MB

    MD5

    0aa1f85641900ab469ef7dbf5602a47d

    SHA1

    40d8f9880f99b20da62f2f445fde4713e7b58a37

    SHA256

    429f4dc96f799c0c27f2358491cf7661944e794aabe161e86c1cfdae3dc8ed5d

    SHA512

    9311e3e0421e75b148f7361ef3ec6385b3c11fe425e24ee0a0757bacd4ea491384905971fec9ff88e577d362a0f1a108db75588f0d9ed76179455f591ad8664c

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    de490fa2751cc44ec20801a219dc81ba

    SHA1

    286bb4891a1052fc7bbc3f81aa780e08ad3d56a1

    SHA256

    e39cf8c8e86c5ceeb82cb821e69b82a4de69420fa2ba666229c3bf9a5cb8120d

    SHA512

    5f237dd2bd48afc875f58ca779b34009b74c520d5d450f72da0534c1a401afa755a152e7851b7e0ec02f99c7d854b86a71092af9e63c708a436117bd8c76a33d