Analysis
max time kernel: 150s
max time network: 124s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 25-06-2024 11:38
Static task: static1
Behavioral task: behavioral1
Sample: 5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
Size: 4.1MB
MD5: 3e4e34dcc4d4561322639a808174aac0
SHA1: 602bd517b1caa0657638dc012f8bb15c5866478f
SHA256: 5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522
SHA512: ad42342bb841fa0799c0c7abcc975acc070c777e6f99622018b4abef665ce847be51b40f53b8ff409be10d426e9506e37203e57cd1b032221d2868fdccee17db
SSDEEP: 98304:+R0pI/IQlUoMPdmpSpl4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmu5n9klRKN41v
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid 2004, process xdobloc.exe
Loads dropped DLL (1 IoC)
pid 2444, process 5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Intelproc8F\\xdobloc.exe" (process: 5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe)
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBIV\\optidevloc.exe" (process: 5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe)
Suspicious behavior: EnumeratesProcesses (64 IoCs)
64 entries, alternating between pid 2444 (5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe) and pid 2004 (xdobloc.exe); both processes enumerate running processes repeatedly throughout the run.
Suspicious use of WriteProcessMemory (4 IoCs)
PID 2444 (5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe) wrote to memory of PID 2004 (xdobloc.exe); 4 identical entries, procid_target 28. All four writes target the child process the sample launched itself (see Processes), so this signature records the parent writing into its own spawned dropper, not injection into an unrelated process.
Processes
1. C:\Users\Admin\AppData\Local\Temp\5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe"
   PID: 2444
   - Loads dropped DLL
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   2. C:\Intelproc8F\xdobloc.exe (child of PID 2444)
      Command line: C:\Intelproc8F\xdobloc.exe
      PID: 2004
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
Filesize: 4.1MB
MD5: 7091c853f27cca879d6925c8ee3949b0
SHA1: b5267b1fbee15dc60b3613e5b2ff4dbdbe96839d
SHA256: f02e46ff3455ad9162b6e5415da6d72870e6f5de0079b2285fce4b4b8471305e
SHA512: 7b52bfff96b082a13e01922617b2d6c3dffc43e73e360113d911e2caa1b513f4bfee279d09098d873c47ba2160629ff139e157f97cb1de004657692a907de814
File 2
Filesize: 208B
MD5: 51db1143f59d9bef9ef6bb87351d3fa8
SHA1: e531f8b27827a4c4d6086dfc197510f51d4321fd
SHA256: b8cf4da566ad2eeb76363fc5dbe787ee6cf3def31df0117fc478a31fb5e236d1
SHA512: 14055d2bddb3ca35ef7a8cbfa1a065362db259ed975db1671f0ba417ee418b87549948bf1d5475134cc1a98e5a5be34d5ec918e006f3d2685b274f88cc227e45
File 3
Filesize: 4.1MB
MD5: 5a495d03c6b1a479f12133813a582d94
SHA1: ea8c3390720609429d39d36b21c97fb7a6352621
SHA256: 482208b78df12e22a508330bbc5f92204e5a52442e823a16fc5ab50e3163412c
SHA512: 433c714cbbd70af9101a5a4de9e3b2c355248efc352893c6a3ff3c582a54310a4fe3d08c8b0661900a71f1ec5bb295f98b8cb391e617bd36b3e85779ddbd7e89
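Added example, not part of the sandbox report and not the sample's own code: a PowerShell triage script that checks a Windows host for the two autorun values under the Run key signature above and for the dropped-file hashes listed under Downloads. It assumes an elevated session on the host being checked, and it assumes that the standard Run/RunOnce locations (HKLM, every loaded user hive under HKEY_USERS, and the WOW6432Node mirrors) are the places to look; the report itself only shows the two HKCU writes. The heuristic that flags an .exe sitting in a top-level directory outside Windows and Program Files is my generalisation of the C:\Intelproc8F and C:\KaVBIV pattern, not a signature from the report, so expect to review its hits. One caveat the report implies but does not state: the RunOnce value points at C:\KaVBIV\optidevloc.exe, and nothing in the process tree shows that file executing. RunOnce entries fire at the next logon, which a 150 s sandbox run never reaches, so on a real host that path should be checked on disk rather than only in the process list.

```powershell
# Added triage script (not part of the sandbox report): hunts a Windows host for the
# persistence entries and dropped files recorded above. Run in an elevated PowerShell
# session (Get-FileHash needs PowerShell 4 or later). IOC strings are copied from the
# report; the registry locations are the standard Run/RunOnce keys, which the report
# does not itself enumerate (assumption).

# IOCs from the report.
$IocValueNames = @('Parametr')
$IocPaths      = @('C:\Intelproc8F\xdobloc.exe', 'C:\KaVBIV\optidevloc.exe')
$IocSha256     = @{
    '5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522' = 'submitted sample (4.1MB)'
    'f02e46ff3455ad9162b6e5415da6d72870e6f5de0079b2285fce4b4b8471305e' = 'dropped file (4.1MB)'
    'b8cf4da566ad2eeb76363fc5dbe787ee6cf3def31df0117fc478a31fb5e236d1' = 'dropped file (208B)'
    '482208b78df12e22a508330bbc5f92204e5a52442e823a16fc5ab50e3163412c' = 'dropped file (4.1MB)'
}

# The sample wrote under the logged-on user's hive. Check every loaded profile hive under
# HKEY_USERS as well as HKLM, plus the WOW6432Node mirrors used by 32-bit processes.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$AutorunSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
$UserHives = Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { "HKU:\$($_.PSChildName)" }
$Hives = @('HKLM:') + @($UserHives | Where-Object { $_ })

function Get-Sha256([string]$Path) {
    # Lower-case SHA256 of a file, or $null if it cannot be read (locked, missing, access denied).
    $fh = Get-FileHash -Path $Path -Algorithm SHA256 -ErrorAction SilentlyContinue
    if ($fh) { return $fh.Hash.ToLower() }
    return $null
}

function Get-AutorunEntries {
    # One object per registry value found under any of the autorun keys in any hive.
    foreach ($hive in $Hives) {
        foreach ($sub in $AutorunSubKeys) {
            $key = Join-Path -Path $hive -ChildPath $sub
            if (-not (Test-Path -Path $key)) { continue }
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # provider metadata, not registry values
                [pscustomobject]@{ Key = $key; Name = $p.Name; Data = [string]$p.Value }
            }
        }
    }
}

function Get-ExecutablePath([string]$CommandLine) {
    # Strip surrounding quotes and trailing arguments so the path can be compared and hashed.
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split ' ')[0]
}

function Test-AutorunEntry($Entry) {
    # Returns the list of reasons an autorun value is interesting; empty means nothing matched.
    $path = Get-ExecutablePath $Entry.Data
    $reasons = @()
    if ($IocValueNames -contains $Entry.Name) { $reasons += 'value name matches report IOC' }
    if ($IocPaths -contains $path)            { $reasons += 'target path matches report IOC' }
    # Generalisation of the reported pattern (assumption, not a report signature): an .exe in a
    # one-level-deep directory off the drive root, outside Windows and Program Files.
    if ($path -match '^[A-Za-z]:\\[^\\]+\\[^\\]+\.exe$' -and
        $path -notmatch '^[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\') {
        $reasons += 'executable in a top-level directory outside Windows/Program Files'
    }
    if (Test-Path -Path $path -PathType Leaf) {
        $hash = Get-Sha256 $path
        if ($hash -and $IocSha256.ContainsKey($hash)) { $reasons += "SHA256 matches report: $($IocSha256[$hash])" }
    }
    return $reasons
}

$hits = foreach ($e in Get-AutorunEntries) {
    $why = @(Test-AutorunEntry $e)
    if ($why.Count -gt 0) {
        [pscustomobject]@{ Key = $e.Key; Name = $e.Name; Data = $e.Data; Reasons = ($why -join '; ') }
    }
}
if ($hits) { $hits | Format-Table -AutoSize } else { Write-Output 'No matching autorun entries.' }

# Check the dropped-file paths directly as well: the RunOnce target may be on disk without
# having run yet, and the Run value may already have been deleted or renamed.
foreach ($p in $IocPaths) {
    if (Test-Path -Path $p -PathType Leaf) {
        $hash = Get-Sha256 $p
        $label = if ($hash -and $IocSha256.ContainsKey($hash)) { $IocSha256[$hash] } else { 'hash not in report' }
        Write-Output ("File present: {0}  SHA256={1}  ({2})" -f $p, $hash, $label)
    }
}
```

Two design notes. The script compares the executable path after stripping quotes and arguments, because the report's Run value is stored with the bare path in quotes and a real host may carry the same binary with arguments appended. It also hashes whatever the autorun points at rather than trusting the name, so a renamed copy of the dropper still matches on SHA256; note that the three Downloads entries are listed without filenames in the report, so the hash table labels them only by size.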