Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 12:10

General

  • Target

    705c3235d6fc1e0b0924456aba0101ce50e432aa76197b946ce39c63d6955cae_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    7c8d7b5bda7bf10e94a2ff905c7af8a0

  • SHA1

    f6e6d467f3c3a36e0c2df396a7c0d8b0e8154dd2

  • SHA256

    705c3235d6fc1e0b0924456aba0101ce50e432aa76197b946ce39c63d6955cae

  • SHA512

    8cd2444f140a27d83f9c85cf883f71b8172ce88e92b5727225ffd1f3edf8fa97afcf34d4f2567f80ab9211590b8e0d6ff02788f45cba1ae17dce11f5ae6fa7fa

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSpO4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\705c3235d6fc1e0b0924456aba0101ce50e432aa76197b946ce39c63d6955cae_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\705c3235d6fc1e0b0924456aba0101ce50e432aa76197b946ce39c63d6955cae_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\UserDot5R\devbodloc.exe
      C:\UserDot5R\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2920

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\GalaxBI\dobdevloc.exe
          Filesize: 837KB
          MD5: 5a185fad398e14b086321709f4f4e875
          SHA1: f9566c1e90abb5759c45dd441769f352440bebad
          SHA256: 56ce6ebdc9f5939a227b0074e15ce22ea9769c5fe182aa9e3f0ce5c2b611a96b
          SHA512: f1056599c1814fee0c09f5e20d8f53e11b330cdd5ec6fc329d5d0fd6f59e714bd55f380c07c5d02322718ee3620131caf7f6696afe692ea9d4dcaa09d18e65fe

        • C:\GalaxBI\dobdevloc.exe
          Filesize: 2.7MB
          MD5: 345d41b778c70c47ee07d2b8a82df385
          SHA1: 420430276abd3c253409a7a6347c10028fa304de
          SHA256: 8fb778d0057ef2d223789cb33bd6f989f4039bb4257d5d5f6f9facadf7010f2a
          SHA512: 509161b6cc7b0edcfc17cfc42b776656700a6c1b80edb8d505318a8a68996a04d90cfee7a534ce7cb4d01d6956682f2f31dd5f2184ba1eb8d01b381178a00443

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize: 208B
          MD5: 86f7a60c142b7a14a8a87307f4ee7896
          SHA1: be2809e18e93d50c1202d8a29ecd1045a1caf3a5
          SHA256: dad4105c79cc00803c2877eb49e202c147b2f35cc6fa8e59035f0095ada89ec3
          SHA512: f48fc90af2a87f113970d30027bd813904b41612d7629478f1857851e32028c602de19fb42808cba65836f8be60f732e45ab14cb50ee2505acd634cb8a7d0c9d

        • \UserDot5R\devbodloc.exe
          Filesize: 2.7MB
          MD5: 3b6c989bc3a7d85a909cfd2bcd06bd8a
          SHA1: e6454a0e07c43a18e305b70358ab3458fc9f97c9
          SHA256: dcf2bf177d9cc467824dbb1e963922648314b4ee27845466d2434d479aaf593a
          SHA512: c5217ae7f9b50e1ccbf4932d851c9ecf6dde23d598ca63ae4b526465034ba05a6c309d980ec5ef05c09d88490aac973c1fb3491bfe73f1f4da7b3cc701b72209