891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
Size

4.1MB
MD5

78d0e89b677dab72bc401b2841a97da0
SHA1

da8274142a4661a0f5b6b1824a22e3ccaad177e8
SHA256

891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024
SHA512

b05d9c3ef3f605da3ad1f80745f40bc8659114bd6c67bd3c398f50587e60a0f292484a223e8fb9ac7b7d29b2df85a4c86ab343f7a8ec1ed11a0eb748fe8bf14f
SSDEEP

98304:+R0pI/IQlUoMPdmpSp44ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmf5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2268	aoptisys.exe

Loads dropped DLL 1 IoCs

pid	Process
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocBG\\aoptisys.exe"	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidSB\\dobxsys.exe"	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
2268	aoptisys.exe
1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 2268	1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe	28
PID 1844 wrote to memory of 2268	1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe	28
PID 1844 wrote to memory of 2268	1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe	28
PID 1844 wrote to memory of 2268	1844	891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\891b9a4353c5c8a151ff56ea3f40c53cf5f2b98b6b149bec78080f40c9501024_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1844
- C:\IntelprocBG\aoptisys.exe
  C:\IntelprocBG\aoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
205B

MD5
b131ebf0c3cf02276ce581af1a12bf33

SHA1
6623ad649fca35eb322ffdb4440fabbe662c3c7b

SHA256
ea55ad0376209f13fe413411bc58f42bbd9dc56fddaf513c780037737c561d90

SHA512
988a92c69201ba60996e1937147186951bb184806dcc69256cc5e63441ec098027be7e5422b769237a93a56b826f8f9c623c3049f453dc3bb8a92c0934de7111

Download Submit
C:\VidSB\dobxsys.exe

Filesize
4KB

MD5
8eb2b86d56c013adbcd0b59d7e011880

SHA1
9b7f8fbb657667bab646452f48a1348653e81d45

SHA256
51d699bdd3b8d14f372ba605ae8f322f9959039c6c6b29c39093d7fc670bb4cf

SHA512
3a426dc07f6f46f499b36769e2137da9d589f16bd4cdfbbe6b28b02e5e4adb04cdfb8a021f5e2591100e81c24f3e87ef8f767c5736721391fb8906ce287ae05d

Download Submit
C:\VidSB\dobxsys.exe

Filesize
4.1MB

MD5
9c8f0cb5ec258fc59a9291af2731eaa5

SHA1
5a996c7db78cab44dd6c068741db49e3f60702d2

SHA256
7caeaadceb5fe84caddfbeb96d95c74c1c496dc0d03b94c4ad2b3d4108880c20

SHA512
0a1460511d69a4747efaeec192ffb6a823047b04bb316ed0f32de3cb88b07a6ffa2850e5f8131b057f5b5db748ab38badaa922e36fc3c75c6c5103bcf3cee07a

Download Submit
\IntelprocBG\aoptisys.exe

Filesize
4.1MB

MD5
e22f9d5a9d0545f0b36b4766b04cb61b

SHA1
5184235a6024dfee16b5ad527e801f244c95471b

SHA256
de9127bc020020d2cdcda31e5e99f488c9defa6f01f4a371260546b8ba57e02d

SHA512
d7d5ef8c4c9ce1a3497d391618ebdbddfc6a2ae08797f52c139ffa53f818e48c0846ba677ef26183a8e4afcc349e368ebd197e7525bea421230d4375b742c674

Download Submit