9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
Size

2.7MB
MD5

3c1d794e0781dc0e550937f3706b6680
SHA1

42d1ec252ce6ef04a354222349b5d43f20ea09d3
SHA256

9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7
SHA512

cbf93304907ee1f7b0440bcf00d61464fbcd22829215b178f1ba9699e5e028beed6629a745d3cf2d76e4af844406ef467cb7d819793ccaf24a53502a3de0b66d
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4S+:+R0pI/IQlUoMPdmpSpO4X

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3996	adobloc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDot05\\adobloc.exe"	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZS8\\bodaloc.exe"	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
3996	adobloc.exe
3996	adobloc.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 3996	2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe	90
PID 2468 wrote to memory of 3996	2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe	90
PID 2468 wrote to memory of 3996	2468	9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe	90

C:\Users\Admin\AppData\Local\Temp\9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9190d3f48fcad2bf7ada820bda18a0c06e2ae909c8eec1d48dd8ccb7641b7ce7_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2468
- C:\UserDot05\adobloc.exe
  C:\UserDot05\adobloc.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4020,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LabZS8\bodaloc.exe

Filesize
2.7MB

MD5
2d4967d61f78fff4c15e13a693571663

SHA1
fc7be00921338e82a3b3e953756664da3e3b5bbb

SHA256
411fd388d193611e996470ae02a4ed8b2fcff6ede430f58edf98466841320b4d

SHA512
c685bc56550f3d2bc6c992492859791b23d7247e9cfb36f7989e6c4f7d6e71f9d1febdbfc42cebc7eb68fdd35628c99c9461bd79bbb74dcd69f61fd0c15f35b8

Download Submit
C:\UserDot05\adobloc.exe

Filesize
2.7MB

MD5
0524fbf568136178ea1bc6396ba2072c

SHA1
318bd583f061e2d06bf2ead6733c6e2138d6bce6

SHA256
468c0188961e60b4474e3fb32710ba7e3c2e0cb8970d8dee55f82f15df7fcc96

SHA512
fcbdc2d993433d4f0131739fc868c454ff7a1e02c877bb5ed4c00e527288f02f23dde6267699c9ed412421a91e07b1de939c2f23af16181544ae421f30c74caf

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
199B

MD5
237b195feb018d7d994285b2728a1a51

SHA1
00cd94cff4d8d00773f23ab8c70ab94380168aec

SHA256
abd65176f93242094d43f6a9457e19f20c07126ddd30cd20383140e1109af324

SHA512
3504c706021a2d888ca216686d9103f08895d6806bc5ad0727060b76a409f23e35dd31e3b5d79aa18c724ec60f3419e777acc110cfeab598ddd56b733601e0b7

Download Submit