07a9ae340287cfadb669224685f3cb42d41a0621c663fdb7ae33d2eae2699038

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
Size

4.1MB
MD5

cf75a86e11d2f4768f372d5edb974a50
SHA1

dcadfa84f0a7f2ad36277b8e0fbe99ea44984076
SHA256

07a9ae340287cfadb669224685f3cb42d41a0621c663fdb7ae33d2eae2699038
SHA512

c4f5bdf4c429d93af6193d6d178b734ba1205d5a8b69174b2bc589d70d1c42a80b89d55637d03b535f9ffec635f490d28b85667b7aa001a13f07adf2b6a8a8b9
SSDEEP

98304:+R0pI/IQlUoMPdmpSpK4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmt5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4728	xbodec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocRQ\\xbodec.exe"	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Vid69\\optidevec.exe"	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
4728	xbodec.exe
4728	xbodec.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 4728	2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe	84
PID 2344 wrote to memory of 4728	2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe	84
PID 2344 wrote to memory of 4728	2344	cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cf75a86e11d2f4768f372d5edb974a50_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2344
- C:\IntelprocRQ\xbodec.exe
  C:\IntelprocRQ\xbodec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\IntelprocRQ\xbodec.exe

Filesize
4.1MB

MD5
8f34ec48187a332d7e04d2c5339f826c

SHA1
34c3a5c6436b69d9d75557e173c39c06614992ce

SHA256
4b243e8019fe6b3c183ee391d137b97cfe180b878dfa760b05cbf28a137e44a9

SHA512
2344b6f431be487cf955d5d269368b0a8afac241801121141aba3bf2e6c1e0637da929e74815806db421cc726994abee3f0846df1603de8c52a8887d8fbf99fb

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
207B

MD5
a206bd3b65f3b94e58d8a50886192eaa

SHA1
5cc7588ae5c38eadf6a13740728fa1fb6dc48a84

SHA256
6373a83ed3f6f6b68c26e61ba0ddf9de93cf1b56899b7f3d7ed31a92777944b6

SHA512
b15b074091da22e3d1e5076fdc4e33d3c88edcca50e0c72b5655e91f8d53f214b7e74c541995c48566cc7a2f8452f71e2b8ea78e3b9ee920cfd405c85fbe603f

Download Submit
C:\Vid69\optidevec.exe

Filesize
4.1MB

MD5
67a34ed791c1b27aaa88635481d012a6

SHA1
6acb61421e68984527c49634d8e4cd3d11463fc4

SHA256
c10cba3df5c78b25a61eb66a52765b39f99b093757ea930c7081f4b2d89c9e8a

SHA512
688fbae8287b2d7a06094f4823f406a808ce1e6a16cb5f2a974866b654067b24b4aa12ca9ae7396b438ba05ccc5e4ae1991d4f495d409d93e607171af1073581

Download Submit