Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-06-2024 11:38

General

  • Target

    5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    3e4e34dcc4d4561322639a808174aac0

  • SHA1

    602bd517b1caa0657638dc012f8bb15c5866478f

  • SHA256

    5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522

  • SHA512

    ad42342bb841fa0799c0c7abcc975acc070c777e6f99622018b4abef665ce847be51b40f53b8ff409be10d426e9506e37203e57cd1b032221d2868fdccee17db

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpl4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmu5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Intelproc8F\xdobloc.exe
      C:\Intelproc8F\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2004

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVBIV\optidevloc.exe

    Filesize

    4.1MB

    MD5

    7091c853f27cca879d6925c8ee3949b0

    SHA1

    b5267b1fbee15dc60b3613e5b2ff4dbdbe96839d

    SHA256

    f02e46ff3455ad9162b6e5415da6d72870e6f5de0079b2285fce4b4b8471305e

    SHA512

    7b52bfff96b082a13e01922617b2d6c3dffc43e73e360113d911e2caa1b513f4bfee279d09098d873c47ba2160629ff139e157f97cb1de004657692a907de814

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    208B

    MD5

    51db1143f59d9bef9ef6bb87351d3fa8

    SHA1

    e531f8b27827a4c4d6086dfc197510f51d4321fd

    SHA256

    b8cf4da566ad2eeb76363fc5dbe787ee6cf3def31df0117fc478a31fb5e236d1

    SHA512

    14055d2bddb3ca35ef7a8cbfa1a065362db259ed975db1671f0ba417ee418b87549948bf1d5475134cc1a98e5a5be34d5ec918e006f3d2685b274f88cc227e45

  • \Intelproc8F\xdobloc.exe

    Filesize

    4.1MB

    MD5

    5a495d03c6b1a479f12133813a582d94

    SHA1

    ea8c3390720609429d39d36b21c97fb7a6352621

    SHA256

    482208b78df12e22a508330bbc5f92204e5a52442e823a16fc5ab50e3163412c

    SHA512

    433c714cbbd70af9101a5a4de9e3b2c355248efc352893c6a3ff3c582a54310a4fe3d08c8b0661900a71f1ec5bb295f98b8cb391e617bd36b3e85779ddbd7e89