2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 22:11

Target

2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe
Size

448KB
MD5

410a08a891f621871bbaaa25911c0f40
SHA1

120ddbc3ee8680d3d54c5af4ac56055d1f3edde9
SHA256

2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f
SHA512

d12d3f193b6e3084a4ae6880520608a10ba593e6459567bd1e1b6c7ae83e7484a1ff9fe78857ea0299f12611997edd0e4fb8873684df8ad992cb17e81d637bd2
SSDEEP

6144:CEPAsxHbPpxRv0jzf0svkEjWbjcSbcY+CaQdaFOY4iGFYtR:LPA+Hbx/v030svkFbz+xt4vF

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2724	XODWPG.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\windows\XODWPG.exe	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe
File opened for modification	C:\windows\XODWPG.exe	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe
File created	C:\windows\XODWPG.exe.bat	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1696	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe
2724	XODWPG.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1696	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe
1696	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe
2724	XODWPG.exe
2724	XODWPG.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2136	1696	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe	28
PID 1696 wrote to memory of 2136	1696	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe	28
PID 1696 wrote to memory of 2136	1696	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe	28
PID 1696 wrote to memory of 2136	1696	2aabdf2b16dc48fa4016efa2ab9b1b14793d531e9e78d2680fd1fcb40358415f_NeikiAnalytics.exe	28
PID 2136 wrote to memory of 2724	2136	cmd.exe	30
PID 2136 wrote to memory of 2724	2136	cmd.exe	30
PID 2136 wrote to memory of 2724	2136	cmd.exe	30
PID 2136 wrote to memory of 2724	2136	cmd.exe	30

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Windows\XODWPG.exe.bat

Filesize
58B

MD5
69a51b10903ef65fc2dc75d1ba03d559

SHA1
0ad436beeb3ecf77131a32473b4b9b09fbfe1839

SHA256
4200a8c07fb43e68a235e50095134ff5fce8c5ed88983fff2488912bf1186ea6

SHA512
521bd0488dcfeb4255cebba68c258aa6d2b05ac0c98de60025201e006c4c8610c286472da517c5b8f2e80418c06567862af0c162d47fdfd0357bc9d6b28facb1

Download Submit
C:\windows\XODWPG.exe

Filesize
448KB

MD5
7c60a61092c9da91768feb42af59095f

SHA1
e25b341977ee7b7ab99a6b1f33f4f4935ff35265

SHA256
e25f0a828366db584219bc77b542f9111bccd2d2554f715f0ceef6bb2f2aebec

SHA512
4974f27c367c0b92b65202a438ef47773a63bb7f120c1215676d8c9712c901924b041fe03815f90daef927b708f924e67693ae6cd26fcc1b9a45d9c814b8af39

Download Submit
memory/1696-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/1696-12-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2136-16-0x0000000000350000-0x0000000000388000-memory.dmp

Filesize
224KB

Download
memory/2136-17-0x0000000000350000-0x0000000000388000-memory.dmp

Filesize
224KB

Download
memory/2724-18-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2724-19-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download