01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
Size

2.7MB
MD5

4152c72a385e070014047cdfbde55080
SHA1

6fdaf7620435ae51638759931cfd47d39bffde12
SHA256

01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2
SHA512

b78b2d610d6e233cc3d3b6893d5b99b8a09ad968b42ab2fd85b4165a3068b4b6f2a772dc0d34199bf49c275a5724b4041071521fb08e4bc146b3337d419b6e21
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBz9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
208	aoptiec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeB7\\aoptiec.exe"	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidWQ\\dobaloc.exe"	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
208	aoptiec.exe
208	aoptiec.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 208	3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe	81
PID 3312 wrote to memory of 208	3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe	81
PID 3312 wrote to memory of 208	3312	01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe	81

C:\Users\Admin\AppData\Local\Temp\01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\01a52614038ad81a8c462d3eacb52da5da9f65c78d45336457eb93dc11c467f2_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3312
- C:\AdobeB7\aoptiec.exe
  C:\AdobeB7\aoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AdobeB7\aoptiec.exe

Filesize
2.7MB

MD5
da194ecbb9677144f1a31bcd9e7e3ba2

SHA1
c3fd4cfc4e19e6b6f0bb58187f2d3a278cf1f082

SHA256
da3e4f0af1a52abc56f7bed587a5a207475eb11aa37c0c85c06e6f7a22f2ed47

SHA512
02810d7309a0c8810c297428cd816fd255cf72e78690cf15389fbbc533c85c18693aadc328fbcf5ec430bfb2354dc62fadf9077c823ad334f5137a1283d7d667

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
200B

MD5
f278942ae3a4acff710967f136578260

SHA1
a6c2cd32da7ad78243114c79b3fa49081d66d375

SHA256
686ac639e4746f7932a4d2014ad013740f93595aa978f9afe38bd49a6c27c2f9

SHA512
7370a0403ff45b4941d41f35af082dfd81fd252e1d2ec4c6dee4d255133c3421429c877a1b2a601c984b2d5c51fc87cba577e9f82abe0ef146ddd7b6cf707935

Download Submit
C:\VidWQ\dobaloc.exe

Filesize
2.7MB

MD5
14f437b1b217c9de4e3fea2d7b7f3350

SHA1
0d354b9e4461add68535a54ad421e2fe045fbb71

SHA256
e5cc775d263ec22f59c3e0645aafcbbd0ba83485977c3a4c60b0631938d8e8aa

SHA512
fc5631fca49709e372edb2980bfe3d82badc3f1a6b602dd1ffdb950b886fc932614374969661e40e938dd4f3a7006e634bd0933bd971cea0006fde0ab194c9f7

Download Submit