5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
Size

4.1MB
MD5

3e4e34dcc4d4561322639a808174aac0
SHA1

602bd517b1caa0657638dc012f8bb15c5866478f
SHA256

5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522
SHA512

ad42342bb841fa0799c0c7abcc975acc070c777e6f99622018b4abef665ce847be51b40f53b8ff409be10d426e9506e37203e57cd1b032221d2868fdccee17db
SSDEEP

98304:+R0pI/IQlUoMPdmpSpl4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmu5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1360	abodec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintX6\\optidevec.exe"	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeJ0\\abodec.exe"	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
1360	abodec.exe
1360	abodec.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 1360	3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe	81
PID 3220 wrote to memory of 1360	3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe	81
PID 3220 wrote to memory of 1360	3220	5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe	81

C:\Users\Admin\AppData\Local\Temp\5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3220
- C:\AdobeJ0\abodec.exe
  C:\AdobeJ0\abodec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AdobeJ0\abodec.exe

Filesize
4.1MB

MD5
69a2841ae85b605fe7db2ff42d955685

SHA1
e145524255b678be894356ddf5533ded09d9efd5

SHA256
5abb82167c49a02c220ae8025767f8d6db30be93a38a4c39c260d121ddf2252e

SHA512
9bbe60b34989d79c2b36c3e5bc1b0ef0d8b809d3ffdb8a0a14961f5b61e815631775f83cbd7c4929017ee560ff9f1db69c5356badf998f52bfb1bf58a43fb983

Download Submit
C:\MintX6\optidevec.exe

Filesize
4.1MB

MD5
a36136e942bb0150ff8fe854f2ec5dc8

SHA1
58d630ac3cebec6e52659408d89af559f180d900

SHA256
2781c38372834e348e9db42e0bf3e0077699381d3cf1648868619f8db7196f9b

SHA512
e3213da073b883129555ec656df226ff29f057748b01628d978671ba07804de99538f74f2de15ec95c4079c276fcfcc17554b9c5e6cba872f86c131950cc2b1f

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
201B

MD5
76574617056f79ab89dac9af72faf514

SHA1
22d0a416c1341ddd4ca4a44ac1945c7210ddab61

SHA256
380e28c97c87d9ace37b937b2439d4bba0576d1f6cbdbc8abc3410e4e0c2b738

SHA512
831eb5d12b1420d5363adeb5f94317c2e06f703b9994dc4e68240240010f156fb91ba86bded3c39a15e2ff3c2ced3b36f751aca1b08a4dc78de8a830f9ee6b90

Download Submit