General

  • Target: 1a0d6fd7204c9f89cb889b5d51f136f6c1e808d0a94e539aba8d626c9b6dbec9_NeikiAnalytics.exe
  • Size: 125KB
  • Sample: 240620-2ymn3a1gna
  • MD5: da513a59d473b3703afaf9775a5b8780
  • SHA1: 2fcad452b8eb2ff7527c78d6116accf0995a5cf7
  • SHA256: 1a0d6fd7204c9f89cb889b5d51f136f6c1e808d0a94e539aba8d626c9b6dbec9
  • SHA512: 623aef7855834a4f669bc350524b3dcb4b569463abf3c138783dd2dd89599bd02180b5f77a85b86e6e1c64242707640ba8da14fe148db11cc78146596956e072
  • SSDEEP: 3072:YV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPNh9HxWE5:1t5hBPi0BW69hd1MMdxPe9N9uA069TBl

Malware Config

Targets

    • Target: 1a0d6fd7204c9f89cb889b5d51f136f6c1e808d0a94e539aba8d626c9b6dbec9_NeikiAnalytics.exe
    • Size: 125KB


    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
    • Possible privilege escalation attempt
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Modifies file permissions

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                                      ID          Count
--------------------  ---------------------------------------------  ----------  -----
Execution             Command and Scripting Interpreter              T1059       1
Execution             PowerShell                                     T1059.001   1
Execution             Scheduled Task/Job                             T1053       1
Execution             Scheduled Task                                 T1053.005   1
Persistence           Scheduled Task/Job                             T1053       1
Persistence           Scheduled Task                                 T1053.005   1
Privilege Escalation  Scheduled Task/Job                             T1053       1
Privilege Escalation  Scheduled Task                                 T1053.005   1
Defense Evasion       File and Directory Permissions Modification    T1222       1
Defense Evasion       Hide Artifacts                                 T1564       1
Defense Evasion       Hidden Files and Directories                   T1564.001   1
Discovery             Query Registry                                 T1012       2
Discovery             System Information Discovery                   T1082       2

Tasks