Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20-06-2024 11:44

General

  • Target

    5e09ab32a8a5d04919a31e185df0c936184d0fae63a76415581db040b0f88428_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    43065b701908d6ff3097fefa7a7dd7f0

  • SHA1

    99b522d4d60d75e0bf2c835d4b294c721a34bc73

  • SHA256

    5e09ab32a8a5d04919a31e185df0c936184d0fae63a76415581db040b0f88428

  • SHA512

    ffb9697678105de12f84bffbfde1a3f2f03f895bc01da42d95c7d841ab8fdc4e69c8c13e83a492c9acdc2d38f9f76bcc76e524cc0b01b246cb8fc0c4653a7c2c

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpb4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm45n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e09ab32a8a5d04919a31e185df0c936184d0fae63a76415581db040b0f88428_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5e09ab32a8a5d04919a31e185df0c936184d0fae63a76415581db040b0f88428_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\AdobeA0\devbodloc.exe
      C:\AdobeA0\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4128
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3940,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
    1⤵
      PID:4436
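The signature names in this report describe behaviour rather than matchable artefacts. The following added example (not part of the sandbox report or its tooling) shows how the three flagged behaviours could be correlated from Sysmon-style events: an executable written directly under a non-standard top-level directory, that dropped executable being launched, and a Run key value pointing at it. The process images, PIDs 396 and 4128 and the dropped-file paths are taken from the process tree above; the event stream itself is constructed, and the Run key value name, the user SID and the parent PIDs are assumptions, since the report does not show the Run key IoCs themselves. The msedge.exe utility process, which the report lists with no signature, is included as a negative case.

```python
"""Correlate constructed Sysmon-style events into the behaviours flagged in the report.

Added example, not part of the sandbox report. Sysmon event IDs used:
1 = ProcessCreate, 11 = FileCreate, 13 = RegistryEvent (value set).
"""
import re
from collections import defaultdict

# From the report's process tree.
DROPPER = (r"C:\Users\Admin\AppData\Local\Temp"
           r"\5e09ab32a8a5d04919a31e185df0c936184d0fae63a76415581db040b0f88428_NeikiAnalytics.exe")

# Constructed event stream. Parent PIDs, the user SID and the Run value name
# "devbodloc" are ASSUMPTIONS; the report does not list the Run key IoCs.
EVENTS = [
    {"id": 1, "pid": 396, "ppid": 5000, "image": DROPPER},
    {"id": 11, "pid": 396, "target": r"C:\AdobeA0\devbodloc.exe"},
    {"id": 11, "pid": 396, "target": r"C:\LabZLA\optixec.exe"},
    {"id": 11, "pid": 396, "target": r"C:\Users\Admin\253086396416_10.0_Admin.ini"},
    {"id": 13, "pid": 396,
     "key": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
            r"\Software\Microsoft\Windows\CurrentVersion\Run\devbodloc",
     "data": r"C:\AdobeA0\devbodloc.exe"},
    {"id": 1, "pid": 4128, "ppid": 396, "image": r"C:\AdobeA0\devbodloc.exe"},
    {"id": 1, "pid": 4436, "ppid": 4400,
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
]

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# <drive>:\<one directory>\<file>.exe, i.e. an EXE directly under a top-level directory.
TOP_LEVEL_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\\[^\\]+\.exe$", re.I)
# Top-level directories where EXEs legitimately live; everything else is suspicious.
STANDARD_TOP_LEVEL = {"windows", "program files", "program files (x86)",
                      "programdata", "users", "perflogs"}


def is_top_level_exe(path):
    """True for C:\\SomeDir\\x.exe where SomeDir is not a standard Windows directory."""
    if not TOP_LEVEL_EXE_RE.match(path):
        return False
    top_dir = path.split("\\")[1].lower()
    return top_dir not in STANDARD_TOP_LEVEL


def detect(events):
    """Return {pid: [(rule, detail), ...]} for every process that triggered a rule."""
    dropped = {}                  # lowercased path -> pid that wrote it
    findings = defaultdict(list)
    for ev in events:
        if ev["id"] == 11:
            target = ev["target"]
            dropped[target.lower()] = ev["pid"]
            if is_top_level_exe(target):
                findings[ev["pid"]].append(("exe dropped in top-level directory", target))
        elif ev["id"] == 1:
            writer = dropped.get(ev["image"].lower())
            if writer is not None:
                # Attributed to the new process, as the report does for PID 4128.
                findings[ev["pid"]].append(
                    ("executes dropped EXE", f"{ev['image']} (written by pid {writer})"))
        elif ev["id"] == 13 and RUN_KEY_RE.search(ev["key"]):
            rule = ("Run key points to dropped EXE" if ev["data"].lower() in dropped
                    else "Run key added")
            findings[ev["pid"]].append((rule, f"{ev['key']} -> {ev['data']}"))
    return dict(findings)


if __name__ == "__main__":
    for pid, hits in sorted(detect(EVENTS).items()):
        for rule, detail in hits:
            print(f"pid {pid}: {rule}: {detail}")
```

The file-create events are kept in a path-keyed map so the ProcessCreate and the Run-value write can both be tied back to the writing PID; the allowlist of standard top-level directories keeps binaries such as C:\Windows\explorer.exe from matching the dropped-EXE rule.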

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\AdobeA0\devbodloc.exe

      Filesize

      4.1MB

      MD5

      b51f5b1dd2fd381f675af64c14fcdebe

      SHA1

      f5dff75d58880fc196f2b91fbdee55967b77216a

      SHA256

      241c88679d27d82990929cf1f489317876c07ecf9217896f5a1195079a5bf0a0

      SHA512

      0b6916b9662ee0e8f22956c66bf6d6a5318fc68a272396e6eb4dc3890048e9aa3051696f1b6f9d07416c2a62474ee5bfa26d916365bd19e1b7b4a8c8c3715370

    • C:\LabZLA\optixec.exe

      Filesize

      367KB

      MD5

      28cf526eb7a3fae9d65a10768836430e

      SHA1

      64ba3912719b6f328df83870fdab16045721388e

      SHA256

      d60dfa9f7a0e54b21165630999bcf976ca4de87b052d9113c8a79ff836cdd89d

      SHA512

      4acc144b92b7ffbedef5754665932313bae41fb1154e60a863d502ca7c7f04a50ed2b7e17ab5428f26ac97422b5582b26dcf6424b05ba444dc6fb0bb6473fb6e

    • C:\LabZLA\optixec.exe

      Filesize

      4.1MB

      MD5

      9a1fa8cf08c9884220327071130f246c

      SHA1

      e79898a8cf58266d574f5ae3dbc261e97a4adf24

      SHA256

      f4683a59cba25f8671cad84eb9f079cf294f31d5289617eb29b2433397a4eec9

      SHA512

      034a23c7c4544a56cba0f68f7aeb6f14b9cbb7d058fd5c66dc42f9e39bc26319af3aca2009b165effb5b5f241446f74305c9463b81891192c99de52822c5c9ff

    • C:\Users\Admin\253086396416_10.0_Admin.ini

      Filesize

      204B

      MD5

      0772a813ce01ab18c59afcf88c85adf2

      SHA1

      0cdb5dcaf2dc111bd5683ea9fe1a7c9835c496c5

      SHA256

      f8a4055d16f1e9c4482046c75b3804a1773721be3bfff0b6842bcf161eee08b7

      SHA512

      7cadaeb4a2db767662b4cfaa48924708ebf70e8ad7efa1c2183f6c5b10e0d91d17c779c4597113b6737c61cc7315eb5172e6459e267c4df6f65a75f126d8e231
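An added example (not part of the report) that turns the hash list above into a filesystem scanner. Every digest in REPORT_IOCS is copied from the Target and Downloads sections; the files that demo() creates are constructed. Two details of the listing drive the design: the same path C:\LabZLA\optixec.exe appears twice with different sizes and hashes, so the index is keyed by digest rather than by path, and devbodloc.exe and the larger optixec.exe are the same 4.1MB as the submitted sample while hashing differently, so size alone cannot tell the parent from its copies.

```python
"""Match files on disk against the hash IoCs listed in this report.

Added example, not part of the sandbox report. Digests are copied from the
report; the sample files written by demo() are constructed stand-ins.
"""
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

REPORT_IOCS = {
    "5e09ab32a8a5d04919a31e185df0c936184d0fae63a76415581db040b0f88428_NeikiAnalytics.exe": {
        "md5": "43065b701908d6ff3097fefa7a7dd7f0",
        "sha1": "99b522d4d60d75e0bf2c835d4b294c721a34bc73",
        "sha256": "5e09ab32a8a5d04919a31e185df0c936184d0fae63a76415581db040b0f88428",
        "sha512": "ffb9697678105de12f84bffbfde1a3f2f03f895bc01da42d95c7d841ab8fdc4e"
                  "69c8c13e83a492c9acdc2d38f9f76bcc76e524cc0b01b246cb8fc0c4653a7c2c",
    },
    r"C:\AdobeA0\devbodloc.exe": {
        "md5": "b51f5b1dd2fd381f675af64c14fcdebe",
        "sha1": "f5dff75d58880fc196f2b91fbdee55967b77216a",
        "sha256": "241c88679d27d82990929cf1f489317876c07ecf9217896f5a1195079a5bf0a0",
        "sha512": "0b6916b9662ee0e8f22956c66bf6d6a5318fc68a272396e6eb4dc3890048e9aa"
                  "3051696f1b6f9d07416c2a62474ee5bfa26d916365bd19e1b7b4a8c8c3715370",
    },
    # Same path listed twice in the report with different contents: key on digest, not path.
    r"C:\LabZLA\optixec.exe (367KB entry)": {
        "md5": "28cf526eb7a3fae9d65a10768836430e",
        "sha1": "64ba3912719b6f328df83870fdab16045721388e",
        "sha256": "d60dfa9f7a0e54b21165630999bcf976ca4de87b052d9113c8a79ff836cdd89d",
        "sha512": "4acc144b92b7ffbedef5754665932313bae41fb1154e60a863d502ca7c7f04a5"
                  "0ed2b7e17ab5428f26ac97422b5582b26dcf6424b05ba444dc6fb0bb6473fb6e",
    },
    r"C:\LabZLA\optixec.exe (4.1MB entry)": {
        "md5": "9a1fa8cf08c9884220327071130f246c",
        "sha1": "e79898a8cf58266d574f5ae3dbc261e97a4adf24",
        "sha256": "f4683a59cba25f8671cad84eb9f079cf294f31d5289617eb29b2433397a4eec9",
        "sha512": "034a23c7c4544a56cba0f68f7aeb6f14b9cbb7d058fd5c66dc42f9e39bc26319"
                  "af3aca2009b165effb5b5f241446f74305c9463b81891192c99de52822c5c9ff",
    },
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "md5": "0772a813ce01ab18c59afcf88c85adf2",
        "sha1": "0cdb5dcaf2dc111bd5683ea9fe1a7c9835c496c5",
        "sha256": "f8a4055d16f1e9c4482046c75b3804a1773721be3bfff0b6842bcf161eee08b7",
        "sha512": "7cadaeb4a2db767662b4cfaa48924708ebf70e8ad7efa1c2183f6c5b10e0d91d"
                  "17c779c4597113b6737c61cc7315eb5172e6459e267c4df6f65a75f126d8e231",
    },
}


def build_index(iocs):
    """Invert {label: {algo: digest}} into {(algo, digest): label} for O(1) lookups."""
    return {(algo, digest.lower()): label
            for label, digests in iocs.items()
            for algo, digest in digests.items()}


def hash_file(path, chunk_size=1 << 20):
    """Compute all four digests in a single chunked pass over the file."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_file(path, index):
    """Labels of every IoC entry sharing at least one digest with this file."""
    digests = hash_file(path)
    return {index[(algo, d)] for algo, d in digests.items() if (algo, d) in index}


def scan_tree(root, iocs):
    """Walk root and return {path: [labels]} for files matching any IoC."""
    index = build_index(iocs)
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                labels = match_file(path, index)
            except OSError:      # unreadable or vanished file: skip, keep scanning
                continue
            if labels:
                hits[path] = sorted(labels)
    return hits


def demo():
    """Constructed run: one benign file and one file registered as an extra IoC."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "benign.txt")
        planted = os.path.join(tmp, "planted.bin")
        with open(benign, "wb") as fh:
            fh.write(b"constructed benign content\n")
        with open(planted, "wb") as fh:
            fh.write(b"constructed stand-in for a dropped file\n")
        iocs = dict(REPORT_IOCS)
        iocs["constructed planted.bin"] = {"sha256": hash_file(planted)["sha256"]}
        return {os.path.basename(p): labels for p, labels in scan_tree(tmp, iocs).items()}


if __name__ == "__main__":
    print(demo())
```

Point scan_tree() at a mounted image or a live host to check for the dropped files; a match on any single algorithm is reported, which is what you want when a feed only carries one digest type.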