2ef4806a3edfc2399c501e4cecd1843b2adfcd9c44cab6b6911731e12cfa57a6

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 11:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
Size

2.7MB
MD5

bb8a502203b0e847cd42b05de53dd7b0
SHA1

8c735806c3e94cce8d5fa0d91aecf904dc62f6f3
SHA256

2ef4806a3edfc2399c501e4cecd1843b2adfcd9c44cab6b6911731e12cfa57a6
SHA512

1c5b678e0e75f27726175ba11b39feab214acb2cd251dbcbe977ecd3d604afe2a98992d3cd32c1848be55ed3da57d41cffd5523a496be446d40f43be14778658
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpX4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2868	xdobsys.exe

Loads dropped DLL 1 IoCs

pid	Process
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotEE\\xdobsys.exe"	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidP3\\bodxsys.exe"	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
2868	xdobsys.exe
2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2868	2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe	29
PID 2136 wrote to memory of 2868	2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe	29
PID 2136 wrote to memory of 2868	2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe	29
PID 2136 wrote to memory of 2868	2136	bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bb8a502203b0e847cd42b05de53dd7b0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2136
- C:\UserDotEE\xdobsys.exe
  C:\UserDotEE\xdobsys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
202B

MD5
80be43fdcb26c30bd5d0bf98501d218b

SHA1
0710e06f5b342d14c75d2389c66c59e93a1eac24

SHA256
40f2977d934321ecc58e5cf89f4a4de40fcc7106b8ada2130e97211b3d156133

SHA512
8d4afe2e8f3d66df916665082b236f1dcdfa435094db7483c3b024038a44857e2e424b911af825b478db838be7aad3c6b61f5ace27bcb147f5d21364bee55879

Download Submit
C:\VidP3\bodxsys.exe

Filesize
2.7MB

MD5
5f72157d3e4f5951a605e05b2f40e136

SHA1
bdd2ea5add3a22cb1fc34403e5dba7bfa4317ab1

SHA256
4a5921468b6fdc99793ffe10093bcd10c10070c63849f285166e2a9ebb160a14

SHA512
65298e5a170b96d361f6cd07c5a084a3544bab5e2f5fdd076483e15a638e37682ee4240a618a6ad00dc58ec091dccfd4e7035f92c2db3ad368888885c421418a

Download Submit
\UserDotEE\xdobsys.exe

Filesize
2.7MB

MD5
f18feb21a5d62c23f218887687ecb40b

SHA1
c3f6b889822c77107309388c68499c5d71c642ac

SHA256
08c93d588691dd860d53cac798e953f3256f977700ee67f0ff6617562084f1d9

SHA512
fb2f67ff51c261ac83353305b8a83d2609042dc46388547b04735b6147c1701c1ff318b7108a627a80e3e4536ee5144301e291c13bd069faa14b5948271d430f

Download Submit