Analysis
-
max time kernel
95s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
14/06/2024, 08:28
General
-
Target
b0db1bf84422e82a4eedd3de64581150_NeikiAnalytics.exe
-
Size
76KB
-
MD5
b0db1bf84422e82a4eedd3de64581150
-
SHA1
5eb1464bec8f946defef43c529f99e842ff4b26d
-
SHA256
c39b4881014b7e5e9ca42adf22eb5a88ccf62468c9449890471bb8c3c7bfcb33
-
SHA512
a9e03d5643531c1155719858b1561b7033fe485ab4d07bb0ddeb1d3ed08856f4f5f17f60a948d1c3a4427da0bffae865315c8461fd454ebeeac6a17d7ea507be
-
SSDEEP
768:/GIrCeYLmwy+xOF4/i/BEYkp7P6lweQDhDmpU5GFrrEzWsdSE0d8pUHIkI0Iq1:/TKmIxO+2G40OIkaq1
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b0db1bf84422e82a4eedd3de64581150_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b0db1bf84422e82a4eedd3de64581150_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\siobo.exe"C:\Users\Admin\siobo.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76KB
MD5eac3fdb90bd7c447f32bc9bff4cbbf93
SHA1b04485283bc0c60b3ff2ef04f051557dcab98925
SHA256ebb06e41bf8b088f10f59db3b2da09ad6c611a04b5e0fe7050e6f6f8f8621588
SHA5120ded199b599ec66e34dc23635da689c62cf483f19d6a69ae93f0356e720e9cdbcd052074d386d8c26ac486b756146b252ee8c328e3f7308dd5d6ea18f002df03