3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0

Analysis

max time kernel
149s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
Size

2.7MB
MD5

dcfb275fdc8ada04f40dfe272fe5cdf0
SHA1

f7dad4569b90fc5e5a34bbec9adfd718bdc1f015
SHA256

3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0
SHA512

4100790d103504d728621c4dc9bc76e9a50364e790249e7d64511b5c30b0914a35091f685f46d500f58dd686805087f477d15aa39d25d46059ac2efd5c601fe2
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBP9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4640	abodloc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeDP\\abodloc.exe"	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZOV\\dobdevec.exe"	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
4640	abodloc.exe
4640	abodloc.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 4640	432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe	81
PID 432 wrote to memory of 4640	432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe	81
PID 432 wrote to memory of 4640	432	3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe	81

C:\Users\Admin\AppData\Local\Temp\3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3ddbe43146de5371a95763ea42401eb0509e630640afc40bd36346cba33deaa0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:432
- C:\AdobeDP\abodloc.exe
  C:\AdobeDP\abodloc.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AdobeDP\abodloc.exe

Filesize
2.7MB

MD5
5f517dc768d57e17d4e1009dfe8d1606

SHA1
25f9b0d9dcaceaf4fa9ba2ea599b1b29bc8f8dce

SHA256
537d96d351c26dc0101b71889ee89b53829f5678465fa42437eff61aaa8acd7e

SHA512
ecdc092ae9b9f38ddf386aed24c4ecae238eea79b7cf7ed2d5459d55002f06360801b86e5667a687ad865a9e31fb8f490148072f7a93d92fc1bfd61a1472fc1b

Download Submit
C:\LabZOV\dobdevec.exe

Filesize
8KB

MD5
18f9e5889b79178d8757b18c8d1b67d3

SHA1
e70ee94d53ceba1eacdea91d5af71a2203f08ea9

SHA256
187f66f9d8a67e69a32c5d0631666f1a7594d1207f37d94d421023d225ed6c14

SHA512
b64bd79cae188097cc91a99887efef58804ba8948745a6bba8e365bf023d7c107be2433b4b8f12720994b00e45c51902ddb1a9042db65adc85c64fea360b76f2

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
202B

MD5
23e957d86f53fb823bdf0fb5d1d9f3c3

SHA1
6c9be2643217468256866962b35bd740c07bdcc8

SHA256
c0b740030068ad810dc8978b0e2ea85b789ee06054197e6d2b2bfd261463f698

SHA512
d4987af13e90f03d32da612e8c5ffae47f0072d7887c639cd668ca6e82463fbd5504de6ff2e8c91f85b697dcde15d8fece5e7620e50762a1470810db0fef8eff

Download Submit