Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 17/06/2024, 11:52
Static task: static1
Behavioral task: behavioral1
  Sample: 883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe
Size: 53KB
MD5: 883526e096c7098f18c4d72b88248f20
SHA1: 0adf5c819f565c5d92de04ba257482d8d04abcba
SHA256: 91011c73e561813e5081bfb6f6fbd2922e32e9d3be11c084c19003d81fa770d3
SHA512: dcddc16390b1e59458d7a0f397e7931090a8b892b6e267cff1d15605a7c8071da433a68d4772160bc9e3e275eb0b7ddc6356f4bc0091aaebc6d1c66c5ceabcf2
SSDEEP: 1536:vNpg8r8QJ4nlw7Kp3StjEMjmLM3ztDJWZsXy4JzxPM0:t4nSJJjmLM3zRJWZsXy4J9
Malware Config
Signatures

Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  description: Set value (int)
  ioc: \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"
  Process: heouse.exe

Executes dropped EXE (1 IoC)
  pid: 2812
  Process: heouse.exe

Loads dropped DLL (2 IoCs)
  pid: 2424, Process: 883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe
  pid: 2424, Process: 883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe

Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Run\heouse = "C:\\Users\\Admin\\heouse.exe"
  Process: heouse.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid: 2812, Process: heouse.exe (the same pid/process pair is reported for all 64 IoCs)
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2424, Process: 883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe
  pid: 2812, Process: heouse.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  PID 2424 (883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe) wrote to memory of 2812, procid_target 28: 4 events
  PID 2812 (heouse.exe) wrote to memory of 2424, procid_target 27: 60 events
Processes

C:\Users\Admin\AppData\Local\Temp\883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\883526e096c7098f18c4d72b88248f20_NeikiAnalytics.exe" (PID: 2424)
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

  C:\Users\Admin\heouse.exe "C:\Users\Admin\heouse.exe" (PID: 2812, child of 2424)
  - Modifies visibility of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 53KB
MD5: 8128fd3959015340278b5ed91ea51d09
SHA1: 31a92aa47f1d7c862ba1c60c7c0b96068ef0e546
SHA256: e00f3cf817c2fc848d027267644cb563d5604d6ce8a23fc862fe64b4320fcf5e
SHA512: 2803d3201db71cf9bc1d6fad6b8003b24337fb7567e408c6addb030b8114451e9aaca1242fd4c15be84adaaaaa3e355804290c997a86f7a0946ec0924bf6a89e