787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Size

406KB
MD5

b87b900251df97f5e041d7a4ef8e2890
SHA1

fa60a156a37ec6426e5de379ad79b039aefcc69c
SHA256

787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c
SHA512

e9274be952bd2923a93c5021bf39063d5aea138d6937026f106fb02a385fa56d562df87f70508fd43228dfe377b9b46b13fc297fc7b971da4a473e61c8d4d7bd
SSDEEP

6144:6sxm+QHH9FSgaEx18L3X4BuLHlNdpSKMYLDYwVPBXAHTVshVdP:6sw+QH+gR0LFxlCJgVh

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\wbem\AutoRecover\88744D2A29102FC88ECF505DD2E984FC.mof	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
File created	C:\Windows\system32\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeSecurityPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeTakeOwnershipPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeLoadDriverPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeSystemProfilePrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeSystemtimePrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeProfSingleProcessPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeCreatePagefilePrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeBackupPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeRestorePrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeShutdownPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeDebugPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeSystemEnvironmentPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeRemoteShutdownPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeUndockPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeManageVolumePrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: 33	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: 34	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: 35	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeSecurityPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
Token: SeSecurityPrivilege	3068	787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\787d8c0b4b2bfd8fe14682d2d0b3cec25b9d9e64b193e7b1a3adec2c633f2b9c_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3068-0-0x0000000001000000-0x0000000001069000-memory.dmp

Filesize
420KB

Download
memory/3068-11-0x0000000001000000-0x0000000001069000-memory.dmp

Filesize
420KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads