Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 13:02

General

  • Target
    76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
  • Size
    2.7MB
  • MD5
    2649dc03a660a93d51e5a255764c2b70
  • SHA1
    c39c2d20a67151dc6061a31fa1e1425a2cf5e26b
  • SHA256
    76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768
  • SHA512
    0479fe230358cb2a4122ea7434e48a81ae1514b1a9af7d61767a4c733b6463f172595f26e2b26f3d01fa197df7a8c4dcdba18035c16e532350c63e6ee7c3757f
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Sx:+R0pI/IQlUoMPdmpSpL4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\IntelprocUB\devdobsys.exe
      C:\IntelprocUB\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxB2\dobdevsys.exe
    Filesize: 2.7MB
    MD5: 34616003494371c6b271806419968a0b
    SHA1: dfcc96e884585dcbaee7f08d0392963f800e6636
    SHA256: 9a43b388868831fccf641741b6339572a105a8c84ed60d8337a505f0c8882e83
    SHA512: f3954ad4426a3207f1bbe17af4f533af1829c1f7ea7972d6f395aff64dbf8c3d02f654a2d1b123c1e66da22a0e66cb321f44221a3d7f46696cdab208ca703b9b

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 211B
    MD5: 86a2859a47aced9790ec2a602638be52
    SHA1: 59a4b494c7eda4329ecf6bd48c7d04ab53e393f4
    SHA256: b8e97c6d465e06b3309301a3ecdf6475f3eab9dff60f018a1dcf1770d08329ff
    SHA512: 12f8e52d286f323a7bc4a0e6cac6f500c88727096165ad82156c27e7dd60d43229540daa91fea6cdc0a67f9186d37cfb8a147c01c6b916cd9b500ebf290b573a

  • \IntelprocUB\devdobsys.exe
    Filesize: 2.7MB
    MD5: b73bec49d3272a29c57ec52097b83c30
    SHA1: b103df643d0d7a1ed7f34c43c0a1ee2284b43d8b
    SHA256: 1294b8e48cbbdebb8f05e97fa3f1243d24e87abee7407766e26b4fc21087822c
    SHA512: 1d9df5fd741e062803df0cbcff9a3fd031545a6f1e30deed6913dd483569c801cd557ce073183abef602d9b52d805a63331bc08dd1f4d538ca3d27ae72ab4339