Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 07:37

General

  • Target

    69bbdd449ed40e0c8f7f1fd845e74cb0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    69bbdd449ed40e0c8f7f1fd845e74cb0

  • SHA1

    c14942952ee90682f5ab10b197f9d96ee9cfe891

  • SHA256

    754c080edd00c5b98054c0e24327c4f57210c82a227f796894fe940b2f1cd154

  • SHA512

    8456c18938b141a153c3e0b6be96826187688cae602f53f8e27b3cff8e5078f670b39f27b07ac72f4fce55652b2c99ac916282d4a440491c14297470f5e6f930

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBY9w4Sx:+R0pI/IQlUoMPdmpSpS4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69bbdd449ed40e0c8f7f1fd845e74cb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\69bbdd449ed40e0c8f7f1fd845e74cb0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\SysDrv9M\devbodloc.exe
      C:\SysDrv9M\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZSX\dobdevec.exe

    Filesize

    2.7MB

    MD5

    bd6e0936e1675b85849a7b7771cfe4cb

    SHA1

    7386b65e0ccbe4b0c8a68f02dfd457f046404227

    SHA256

    4979a275983931491f9aefdbdc9e8de6e9ad79b550cced5dce7bbee8fbbb483c

    SHA512

    7fe4e29e0701f968b2a471bee68ee3fbe746426d9a153eb5c5dca754c022349302677996b11d32e580a645311c22491eefdb34a7082d2221219a64c46c114c7d

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    204B

    MD5

    b7eff09f91abd1aaff9b4711c489136d

    SHA1

    43a87a2bdfbab7731fdeb94457d010b172e01c0b

    SHA256

    ce2be07f8bf0ea70aed9e8bad588020003bf3dd950ecc995b05c56aa0a063cd5

    SHA512

    74ebeceeb3a30bdc363bb70e162f097927e9241a19f413b3e860240e82f89ee2665943a3fd1e35128c46a883b015712b6269141acec371f688afc54bdcbb86d9

  • \SysDrv9M\devbodloc.exe

    Filesize

    2.7MB

    MD5

    c384716967e21c9c7aaa447fbd6114dd

    SHA1

    78f94c74eac0221f23ebe1ab4992aecd312a377f

    SHA256

    b273fd702e209fc5725fd4472e6e8cd2ede28b405807967c07b0be7538029b9a

    SHA512

    948e3af733dead1cb386c59fd349036d56c1986e05fa8a14e9a80b1aa19653d430458e40d05479eec7e302c711f40269c83315207533f6d8831b997473f7d83f