Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 12:44

General

  • Target

    637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe

  • Size

    29KB

  • MD5

    58cda033ad14dd71ffc5ab0eb221f670

  • SHA1

    cc8e606569cd18c37303bd91b967309ccb50688b

  • SHA256

    637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2

  • SHA512

    3a7a63a86ca16c48899811bc62ce4e80749f7b53b81075bb9541218dcc6aef1199283e1f78bda8b8eb65bbb228a23755c99e3863eed08873c0c9313188d0d812

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/nb:AEwVs+0jNDY1qi/qPb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 29 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Windows\services.exe (child of PID 3000)
      "C:\Windows\services.exe"
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1076

Network

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 2
  • Subvert Trust Controls (T1553): 1
  • Install Root Certificate (T1553.004): 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e0ea965508b1cb88787a4a409adad46

    SHA1

    0331555e1a6ce359b05604fa6a199454d4fc3787

    SHA256

    57be498c69cfd53420d3e545b2351e53f4191b31108a253c69112b7580790f2b

    SHA512

    ec1d5c40d7d80fad20df78cb88ed6ff4ba333eca5245565f0b51d7f86586444983c08b58b7eaa36154a756ea388bdbb765ea1575a50386df9d41ab0443015a16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85ff71c42da9aab022d06fc241f99a1f

    SHA1

    d76bd9f3e398b40349dc22bedbb7d88d3e5fd63d

    SHA256

    bc8431ca1853b01042d0b510a64b1ee4d32c054ceb74e7ce65394787c316e9e9

    SHA512

    f8a1bd634179faced866be0821d4d427e42dbb36d55695d0b34c4338cca733ff38ae911f72fb0bcb42e1f56f9543bf3e8bb875cfa70a3c13b5b2c99085e0c486

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc841aa40cb0186fab4dbbedd3bc1a32

    SHA1

    28d9a7698511813cbd336fa371dafe6421489da2

    SHA256

    4e2a624f12a7d3af22fa1b0478bd760d8e94ef332e4e30a8f103e4106e58c8a6

    SHA512

    7e306fed6bc1f518cd031120d67eda362a62d6c672748ba6bc591c4fcce99654c7f6933ca7b496446ee2cd9c184d85b83cc42f197ad235286a4e7aa1feff4a41

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    402ecd152fad7ee6b3316f040929c64f

    SHA1

    d11424e32c0af77fa45ffc63d2c840ef3d38527c

    SHA256

    39c5ae00209f73107dbf13b514a0e4749d120574dee2c7a2abc8233462996f61

    SHA512

    78d3c47607f6cc054baabce300102b77dce5c4b464726f42fcd477b5d3f96bdcc8606c7b1cb5f4cf7866ab1f6714561171cf3a314c188a8c9ac6db070f0dbf43

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\search[4].htm
    Filesize

    143KB

    MD5

    e232e1638623dc237a743e9549ad6474

    SHA1

    3e71b93c10e16548f198400a0ff020ef53b46e5e

    SHA256

    7237c43453eb9a35cc505f0e3fa7ff9b759c8e1daed727a71ec77ed7a81e17cc

    SHA512

    6ae2464ffbb8e5e60f5ba2ae2d1e0bf186ccad0d1f81b3013f128557899de52f64a19bec3ff8c3113b7a5903f88eece5903db4f76b744d335452b20d1eeaebd6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\search[7].htm
    Filesize

    156KB

    MD5

    5baf981acb81312b10a661d7804a073e

    SHA1

    9f774656f1a8f6b3b9b436df8294748d23e29227

    SHA256

    8569581461c3293e81ee79c0c194ee0f7f443a7fb793d6d5cc8b65487ae18c71

    SHA512

    b5681d1ea78f645b5386bb6d998bf50e6352f7226001c6c1fc068d68daa762cde1e4abdb17eb2c968a94547adda2ab36813eb708d726dd79969e3c27236fb62d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\search[7].htm
    Filesize

    123KB

    MD5

    4e92f0cd7c1167dedcbb30c618c05f64

    SHA1

    82672ee3fad846b1736466643f91c6be8ba56b94

    SHA256

    22490c41806c40782c89899b8909da702fd19039ca3d89f27dba3a45c73403ef

    SHA512

    652bad0bfbad57f7e0d0e097abef45fd2255d890b6595f54c9f93218a49800e4ef533e045f92d23e59208db66318fce2705b078d232896c60c153e833af9a8b9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\U3689LP9.htm
    Filesize

    175KB

    MD5

    dc07ad1c179d145bd96895ab3b21cd73

    SHA1

    3741e6ccb033a1c0e7f07c084385888108fb9ac2

    SHA256

    d19f435ca980e239b99e9965e9db44798f8aa8c1a76a5f193d2395ccc48fb236

    SHA512

    843715e97f93bbd29c29e97428d6018712eff0bce272895f2bcbe48599f0724b3e546da5503b0a142d60fb8c6b5475d18b684ab0966ec40a4abbf15cbdf21511

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\search[3].htm
    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\search[4].htm
    Filesize

    147KB

    MD5

    3fcd677d588f98ae7fd79c0987170b54

    SHA1

    5716786d0faa9536ddc00dc049c29f6a0aa7446a

    SHA256

    1f608be986d0ec9e75527eb57baff78f17257deeb540aae08010d228cfb070e0

    SHA512

    7a85b8826ed4acbd214bbbe42ea5a964548f25840cb914a28e6b22ae6438656c58579dfae18a42851fbe33d8fef20e7e9e01660fd3eb52b7dde0e36b929aef85

  • C:\Users\Admin\AppData\Local\Temp\CabE1E0.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarE310.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\nhElkwbtb.log
    Filesize

    288B

    MD5

    4639a6b122bc7c94b346730630e7eafb

    SHA1

    d0d4f470b16bc3ce28e59b1cbae7d938826e5a15

    SHA256

    3ecfcdf498aaab29a1775d18dd88537b3e12b751a982da89c5de64772cc46964

    SHA512

    8fd96f2615cf5d9e32b154264f7d9c83c5581f93ef5a6e0492ed8e08c27db8d2b3c6affe2fb0bcef95828be98651d2c889c8f190dc36152cc9297aacbc38f544

  • C:\Users\Admin\AppData\Local\Temp\tmpE6F5.tmp
    Filesize

    29KB

    MD5

    78a325e0de6fd956726c3308accb716b

    SHA1

    a634be6c9f34513eae76d74409ef1e8c4d009c0e

    SHA256

    9badae61096ce892f3943fee6f89309339753ca8a9066b292afdad62dfea4aa3

    SHA512

    a37cfbf2a4a8b03cf9e3ec9bcae46f0bc2b24b24f00116dced346fe608a5f11e7e44b4d571c698221efbb4fd6856f7c73730346112a27ad8b335d4e408a9eda9

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    fbc9222d4bdc4245b0272936e8b71285

    SHA1

    7b73d1c94057c51ad5bacac19648dda408374339

    SHA256

    a6d0202843c2b1b14f750351216e705843cdbce3f169bc96d36b18e9b014ff48

    SHA512

    9a2b5f922567bb608b629e124b90208a2d6d7a8d04a7da4a4a3e57e942f697f420505ca44bc17065f0234896bfde3ff3ce0f9e6553cfec694c11bcf61b8b9fcd

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    5a34c328a7a118b41f141e40f34c58f9

    SHA1

    3ae7a84167f17d3ec98d5ea3f799322be20201f1

    SHA256

    6c20ac97502a608a94ece2ea1f8afeb2af51c8771179bbd678aa0af94e5b12c2

    SHA512

    d20fe0477bd54198efcbf5900494090a7a38f4b0b0491a2628cb6e2a236ce1b79d706e343ada3914e520d6f59d47963c9f6b8daffdbb111266e54a3eea80daee

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    18d630d09adea84d051088131050d403

    SHA1

    1b90b2125a1ca4f9b9ac6aa6cba0114dbe2df92a

    SHA256

    5fd40c8f5184b1ee0233e70aa91bbd2ecef6425e02df9bb07234c746f3043dc9

    SHA512

    38ca13eb569eb05ef4bb094086c75d92a1235f9c678bc4173311dfe84029e8b00a8c177f41a49bc13749cf54bbaec9caf18668201c41227cf51bace8cbd9f790

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/1076-443-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-47-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-63-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-21-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-65-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-70-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-470-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-58-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-51-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-53-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-474-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-28-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-16-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1076-26-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/3000-64-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-27-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-15-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-0-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-46-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-442-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-50-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-62-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-4-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/3000-469-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-57-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-473-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB

  • memory/3000-52-0x0000000000500000-0x0000000000510200-memory.dmp
    Filesize

    64KB