Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 07:37

General

  • Target

    69bbdd449ed40e0c8f7f1fd845e74cb0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    69bbdd449ed40e0c8f7f1fd845e74cb0

  • SHA1

    c14942952ee90682f5ab10b197f9d96ee9cfe891

  • SHA256

    754c080edd00c5b98054c0e24327c4f57210c82a227f796894fe940b2f1cd154

  • SHA512

    8456c18938b141a153c3e0b6be96826187688cae602f53f8e27b3cff8e5078f670b39f27b07ac72f4fce55652b2c99ac916282d4a440491c14297470f5e6f930

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBY9w4Sx:+R0pI/IQlUoMPdmpSpS4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69bbdd449ed40e0c8f7f1fd845e74cb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\69bbdd449ed40e0c8f7f1fd845e74cb0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4436
    • C:\FilesQ0\devoptisys.exe
      C:\FilesQ0\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2012

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\FilesQ0\devoptisys.exe

    Filesize

    2.7MB

    MD5

    33490ed6f6ca55ebbc4128717fdeddcb

    SHA1

    3d865196c7bb6504c07ed81b0215a1477b18b466

    SHA256

    99b3ae289b1040f27fafe7b0dc5c49419e5b3eb8779af608562a79838f39f340

    SHA512

    39dbff15ea058571af95c025d8804c53e063592ae0825f606f93c2101d554f0cb0871ef5befca3edc282bc803a172e3415fb6788f2941f16a06be6dd81cb2b6f

  • C:\LabZKE\optidevsys.exe

    Filesize

    2.7MB

    MD5

    ed2ae2ba80a2e62d2672adfedd0b25d9

    SHA1

    81909433f39fef9f6c8f3b740233d5896e12f3e3

    SHA256

    e366386e59e4b8f17c626abf9944d60e0c0ffe38ecc4fedcd03d7817dce0aaca

    SHA512

    1ee4605187de0f8231831bebad8222fd6bdbd46bb71afe59f4c15b3d5c4117464fa64c90bf9fbf36cf4325481af381349217ac8a43f026fcaa4106e98180bdce

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    208B

    MD5

    22a72e3f50d5df1eee7c3b69cd076aac

    SHA1

    a04fe6c0c23c7ab4e83138375b95d60fb2d9d9c5

    SHA256

    cd5aac5d87c0eed852274969db1154a00c6914a007da1c38f5abcf38a11bddf2

    SHA512

    27f9bc1c8d87de730d6daf13b75550612a49806e72fe8f9c97c31789b9408c5927ca815de9f7b6bc615d7ea4a4bb5e4b1516be3e32523d9066ed834a14e25460
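The hash ladder above is the only hard indicator the report gives for the sample and the three files it wrote, so the first practical use of the page is to check files against it. The script below is an added example, not code from the Triage report or from the sample. The digest values are copied from the General and Downloads sections, the on-disk paths are those named in the process tree and the Downloads list, and the `b"abc"` input used for the self-check is constructed. It reports partial matches separately from full ones, because an MD5-only hit on a 2.7MB file is a copy error or a collision to be looked at by hand, not a sighting.

```python
"""Check files against the MD5/SHA1/SHA256/SHA512 ladder from the sandbox report.

Added example (standard library only). Hash values are copied from the report;
file paths are the ones the report names; test inputs are constructed.
"""
import hashlib
from pathlib import Path

# Expected hex length per algorithm; used to catch truncated or mis-copied
# indicators before they are pushed to a scanner or a blocklist.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Digests as published in the report's General and Downloads sections.
REPORTED = {
    r"C:\Users\Admin\AppData\Local\Temp\69bbdd449ed40e0c8f7f1fd845e74cb0_NeikiAnalytics.exe": {
        "md5": "69bbdd449ed40e0c8f7f1fd845e74cb0",
        "sha1": "c14942952ee90682f5ab10b197f9d96ee9cfe891",
        "sha256": "754c080edd00c5b98054c0e24327c4f57210c82a227f796894fe940b2f1cd154",
        "sha512": "8456c18938b141a153c3e0b6be96826187688cae602f53f8e27b3cff8e5078f670b39f27b07ac72f4fce55652b2c99ac916282d4a440491c14297470f5e6f930",
    },
    r"C:\FilesQ0\devoptisys.exe": {
        "md5": "33490ed6f6ca55ebbc4128717fdeddcb",
        "sha1": "3d865196c7bb6504c07ed81b0215a1477b18b466",
        "sha256": "99b3ae289b1040f27fafe7b0dc5c49419e5b3eb8779af608562a79838f39f340",
        "sha512": "39dbff15ea058571af95c025d8804c53e063592ae0825f606f93c2101d554f0cb0871ef5befca3edc282bc803a172e3415fb6788f2941f16a06be6dd81cb2b6f",
    },
    r"C:\LabZKE\optidevsys.exe": {
        "md5": "ed2ae2ba80a2e62d2672adfedd0b25d9",
        "sha1": "81909433f39fef9f6c8f3b740233d5896e12f3e3",
        "sha256": "e366386e59e4b8f17c626abf9944d60e0c0ffe38ecc4fedcd03d7817dce0aaca",
        "sha512": "1ee4605187de0f8231831bebad8222fd6bdbd46bb71afe59f4c15b3d5c4117464fa64c90bf9fbf36cf4325481af381349217ac8a43f026fcaa4106e98180bdce",
    },
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "md5": "22a72e3f50d5df1eee7c3b69cd076aac",
        "sha1": "a04fe6c0c23c7ab4e83138375b95d60fb2d9d9c5",
        "sha256": "cd5aac5d87c0eed852274969db1154a00c6914a007da1c38f5abcf38a11bddf2",
        "sha512": "27f9bc1c8d87de730d6daf13b75550612a49806e72fe8f9c97c31789b9408c5927ca815de9f7b6bc615d7ea4a4bb5e4b1516be3e32523d9066ed834a14e25460",
    },
}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def validate_table(table: dict = REPORTED) -> dict:
    """Return {path: [algorithms]} for digests that are not hex of the right length.

    An empty dict means every indicator in the table is well-formed.
    """
    problems = {}
    for path, digests in table.items():
        bad = [alg for alg, value in digests.items()
               if len(value) != HEX_LEN[alg]
               or any(c not in "0123456789abcdef" for c in value.lower())]
        if bad:
            problems[path] = bad
    return problems


def match_bytes(data: bytes, table: dict = REPORTED) -> dict:
    """Compare data against every table entry; return {path: {matched algorithms}}.

    Only entries with at least one matching digest are returned. A full match
    has all four algorithms; anything less should be verified manually.
    """
    observed = hash_bytes(data)
    hits = {}
    for path, digests in table.items():
        matched = {alg for alg, value in digests.items() if observed[alg] == value.lower()}
        if matched:
            hits[path] = matched
    return hits


def scan_paths(paths, table: dict = REPORTED) -> dict:
    """Hash each existing file and return {path: hits}; missing paths are skipped."""
    results = {}
    for p in map(Path, paths):
        if p.is_file():
            results[str(p)] = match_bytes(p.read_bytes(), table)
    return results


if __name__ == "__main__":
    # Sanity-check the indicator table before trusting any result from it.
    assert not validate_table(), validate_table()
    # On a Windows host this checks the exact paths the sandbox observed.
    for path, hits in scan_paths(REPORTED).items():
        full = [p for p, algs in hits.items() if len(algs) == len(HEX_LEN)]
        print(f"{path}: {'FULL MATCH ' + full[0] if full else 'no full match'} {hits}")
```

Run it as-is on a host to check the observed paths, or pass any list of files to `scan_paths`; the table can be replaced with one built from a different report as long as `validate_table` comes back empty.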