Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/06/2024, 13:02

General

  • Target

    76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    2649dc03a660a93d51e5a255764c2b70

  • SHA1

    c39c2d20a67151dc6061a31fa1e1425a2cf5e26b

  • SHA256

    76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768

  • SHA512

    0479fe230358cb2a4122ea7434e48a81ae1514b1a9af7d61767a4c733b6463f172595f26e2b26f3d01fa197df7a8c4dcdba18035c16e532350c63e6ee7c3757f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Sx:+R0pI/IQlUoMPdmpSpL4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\UserDot0U\devdobsys.exe
      C:\UserDot0U\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1500

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\UserDot0U\devdobsys.exe

    Filesize

    2.7MB

    MD5

    02dfe7b522f40976f2c6384608400a43

    SHA1

    15f0c40ea11367bc9809f3e54d500e407dc38e4d

    SHA256

    e9beff4282862fab35fc8ad4b1ee6dfc7a266e991b3eea29d82556d2f1c1440e

    SHA512

    4ebd96b9cfab61f929860761641b86c05a78d1d99700c4a7e54c8633d7bd81a3a13676f6d357eb7d4de91a0fc0ce80c29b056c300dcb904c5296f0ca2d8fa85c

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    210B

    MD5

    0b20a4f6e417702fa93548a308946cb0

    SHA1

    bbefb7fb7792543b9df087d2ac03ccbcc6bf3ed9

    SHA256

    b431efa7cffc640dcad7d9aab5a94590e7f23a7152bd2ae1eba057e140c6dae3

    SHA512

    e28532a7c45c703997d0233b514b8bdd3f53c0eebf2b0ba4b7e77943eebb0c2ade05d94cf264efd9f66b080c958d6c65d7838f365b521040b90fdc82b0331c64

  • C:\VidAL\optidevec.exe

    Filesize

    215KB

    MD5

    6f4d48303718d9240772ef27378f4d8d

    SHA1

    765ae0f2a1ad82d49548c0e5f3248976626a83af

    SHA256

    20be322d14d645fa7e012e0ac70f2d0b221f8289c1633fd0115f5a4cb030702c

    SHA512

    03059c399f69cd209cae4e7e2b7be5e1dcfba3667af4cb4f3ee0792b78b8585e205f40f57fa4b547fcdb7c1d027442be4e60b80d0457dc34cd82dcc54494e32d