Analysis
max time kernel: 149s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 24/06/2024, 13:02
Static task: static1
Behavioral task: behavioral1
  Sample: 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
  Resource: win10v2004-20240611-en
General
Target: 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
Size: 2.7MB
MD5: 2649dc03a660a93d51e5a255764c2b70
SHA1: c39c2d20a67151dc6061a31fa1e1425a2cf5e26b
SHA256: 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768
SHA512: 0479fe230358cb2a4122ea7434e48a81ae1514b1a9af7d61767a4c733b6463f172595f26e2b26f3d01fa197df7a8c4dcdba18035c16e532350c63e6ee7c3757f
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Sx:+R0pI/IQlUoMPdmpSpL4
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  3008  devdobsys.exe

Loads dropped DLL (1 IoC)
  pid   Process
  840   76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
  description      ioc                                                                                                                                 Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocUB\\devdobsys.exe"      76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxB2\\dobdevsys.exe"   76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  840   76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
  3008  devdobsys.exe
  (the 64 entries alternate between these two processes)

Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid   Process                                                                               procid_target
  PID 840 wrote to memory of 3008  840   76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe  28
  (this entry is recorded 4 times)
Processes
C:\Users\Admin\AppData\Local\Temp\76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe"
  PID: 840
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  C:\IntelprocUB\devdobsys.exe
    command line: C:\IntelprocUB\devdobsys.exe
    PID: 3008
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 2.7MB
  MD5: 34616003494371c6b271806419968a0b
  SHA1: dfcc96e884585dcbaee7f08d0392963f800e6636
  SHA256: 9a43b388868831fccf641741b6339572a105a8c84ed60d8337a505f0c8882e83
  SHA512: f3954ad4426a3207f1bbe17af4f533af1829c1f7ea7972d6f395aff64dbf8c3d02f654a2d1b123c1e66da22a0e66cb321f44221a3d7f46696cdab208ca703b9b
File 2
  Filesize: 211B
  MD5: 86a2859a47aced9790ec2a602638be52
  SHA1: 59a4b494c7eda4329ecf6bd48c7d04ab53e393f4
  SHA256: b8e97c6d465e06b3309301a3ecdf6475f3eab9dff60f018a1dcf1770d08329ff
  SHA512: 12f8e52d286f323a7bc4a0e6cac6f500c88727096165ad82156c27e7dd60d43229540daa91fea6cdc0a67f9186d37cfb8a147c01c6b916cd9b500ebf290b573a
File 3
  Filesize: 2.7MB
  MD5: b73bec49d3272a29c57ec52097b83c30
  SHA1: b103df643d0d7a1ed7f34c43c0a1ee2284b43d8b
  SHA256: 1294b8e48cbbdebb8f05e97fa3f1243d24e87abee7407766e26b4fc21087822c
  SHA512: 1d9df5fd741e062803df0cbcff9a3fd031545a6f1e30deed6913dd483569c801cd557ce073183abef602d9b52d805a63331bc08dd1f4d538ca3d27ae72ab4339