5c4f2d43e4ee695044784740f11b9a7335c4697c7e41acc4123b552f272415a8

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
Size

2.7MB
MD5

819dedc62b13a9cd64fb3685fb293820
SHA1

3766511f76eae5b23d3be9eb4cb10665ed073283
SHA256

5c4f2d43e4ee695044784740f11b9a7335c4697c7e41acc4123b552f272415a8
SHA512

6fe6d1f253bcfb6f586a3e7c621f7c0ad9796140bd3390be4305d204f0b9f508b32df475a39a50af81bd107f6aff623820c2bafd417b3c4176a0e66b4ab61541
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4Sx:+R0pI/IQlUoMPdmpSpo4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2188	abodec.exe

Loads dropped DLL 1 IoCs

pid	Process
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvN2\\abodec.exe"	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB5L\\optidevsys.exe"	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
2188	abodec.exe
2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2188	2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe	28
PID 2056 wrote to memory of 2188	2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe	28
PID 2056 wrote to memory of 2188	2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe	28
PID 2056 wrote to memory of 2188	2056	819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\819dedc62b13a9cd64fb3685fb293820_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2056
- C:\SysDrvN2\abodec.exe
  C:\SysDrvN2\abodec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\KaVB5L\optidevsys.exe

Filesize
2.7MB

MD5
a32b454ed967fbec573c2023d6c02773

SHA1
a703238d6025bf009d61e07bf18a2a03e71dc1cd

SHA256
480c9be4ddce9607daea2ab4b73ff397e9102645ca30121260824fffc0f6711a

SHA512
e5b9a7b6bacabc3a96a2d7675b1924198feb4fd7388a5565d38bab43a7c17c34b096ff793d6e6ccc0f05397eae179fcca244d83cfd4a829204bac2ec63b94b65

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
203B

MD5
03e87e84b9669922e280654d40aa71b4

SHA1
89f747d4e2b330550cce5b0e57c950bdf3db8c49

SHA256
c5bda75a044679b647341ca09a0c27e223bf762f0bfb7fdcb1c9ac0efa7439b6

SHA512
ba5223e5a684aa4598da19284c8c112aa0095bb3f53f25d0d65e0058f0daab57fd5bd1f18b36db20e44f35c2e03d6f95437886acb68927af9410cb98af64bb5a

Download Submit
C:\Users\Admin��

Filesize
2.7MB

MD5
7ec5e20ab0d0bbe2a85f3487bd8a28a1

SHA1
0824504c375220e3e05773a06e097523780149ce

SHA256
8dbda8b9feac5c8ba132e905655938d7e71698c46febf83bef0566f8a6161006

SHA512
72f09d65ba855df810b1088e583021e0b341ef32a99af911df59f47e0974d355c709729c07bcaf3701c7a0ce07f31e8456bf4c4b4cf31df1e287ada1c7615ab7

Download Submit
\SysDrvN2\abodec.exe

Filesize
2.7MB

MD5
e0c178814fca4b8f69f010eb9ddf378a

SHA1
7e9fcc052f698f0659c630d9bb57fa1043dd9486

SHA256
381580f5ad33c6b05c047cc55b07c5e4d1a8f4209ea4d67220b853db62738485

SHA512
6ccf4b7e63d4e67e6704a0c3145cafab8a8f2cb8fdf7577cfd79f677eab71854bfe82ca6b09cc25f24ae3205722f4ce1bc1d194deb52bff0c050ed4bfec6c1f7

Download Submit