Analysis

  • max time kernel: 92s
  • max time network: 94s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted: 13-06-2024 13:21

General

  • Target: 7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe
  • Size: 303KB
  • MD5: 7f9a478d1c29c2d000a4dfc2e3c493e0
  • SHA1: 6a5c7afc80c03493bdc824d327aaa8dd0249b9a7
  • SHA256: d653b46d3b298c1f4d42edabc701ece859cf2d4a3fa80471c0df6e9a10e28706
  • SHA512: 33770b150be7ba17a5d4416116aa70c56a756f360410d9d8d30bda137e67ff291655213bed0f555b9737f6a3716e92439243f3c4e02252553c99717b758e91ce
  • SSDEEP: 1536:wV61OQr8x1Di7+p5DuzCbnuEMgFNmnBWInd7dGiiLsyAmRL+:wV6H4c+p5DuzVF4EnGiiIyAmRL

Malware Config

Signatures

  • Contacts a large (1283) amount of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Registers COM server for autorun (1 TTP, 1 IoC)
  • Drops file in System32 directory (64 IoCs)
  • Drops file in Program Files directory (16 IoCs)
  • Modifies registry class (26 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe"
    PID: 5100
    • Registers COM server for autorun
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\evbtzrnk¸.dll
    Filesize: 103KB
    MD5: 4456ccf225fe533d1d79e76a2a67e12b
    SHA1: 2a0978d3928e91536b8bd0616f65037c79c2978b
    SHA256: f4b1a14ba1f697eead220145d0605b9679a5b7f95cc213900b6ce67a2d7f8f6c
    SHA512: 321d058778fb3ed254b58d6040b540de9c781dff6f4b09e4d6a4e5a90bde1bf368458618cc8180d01bdfcbf798125d7c1355b7a05e35531366933d5e1edb05da

  • C:\Windows\SysWOW64\hzypcoaq¸.dll
    Filesize: 103KB
    MD5: f231db98798f09ee7ab1eb49924727d3
    SHA1: a75c64852968fad2c981a21277c3d89d8338b367
    SHA256: cc1e46b50fc41fc7e70ff32ae2af3871587760c4cdcd5012ff9bfb42f1fe593b
    SHA512: 61f37fa0a9c512576b2a50551fb9521d7b2ef32d25af3693d9783ab1adba618b84ab03b32b577efdc10adc1ec2c167d911ca19e86936b3993b00127a7032fdc7

  • C:\Windows\SysWOW64\kglyjodu¸.dll
    Filesize: 103KB
    MD5: 7e2e490513a57f35e27531398b55f655
    SHA1: a773013f2e5f796f214a4e21c8da569d44bbc1a6
    SHA256: 90c963fe367353eb7c52197e5b925a7505300ab00a1ca1c2659c0733c98a9892
    SHA512: aa6a4360ad660102058b3fc36a8e1ffcbf934554feb6b8b2ac51fe6c6eafa3a11756f545d62dd8ab8c4ded3b20026fc2b3f85c1f359b9ca8c1894240991598c1

  • C:\Windows\SysWOW64\mhzrpwaqb[w#.dll
    Filesize: 103KB
    MD5: 026c4d22bf4964f07533ea314b7cfd0e
    SHA1: 4c3a5481928065affc1d162a10be7136a1eb2384
    SHA256: 00d2cc39231d58471a55057c81240017db70fc35dad2bbcc928df1e6ebc606ea
    SHA512: 9bf87ae8d8f485310688767fdccae88d3da34281744e6c28a558c90c2d562583173de849c3a4f91251ee30ef36dc7c22027bda58b95fd910c7fcd995fb90f25b

  • memory/5100-0-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize: 216KB

  • memory/5100-1-0x0000000000480000-0x000000000049D000-memory.dmp
    Filesize: 116KB
