61ddbe58a2fa6e96c433a267f3886ed259900ac878451a5ce2aab2d984e48bcb | Triage

Submit
Reports

Overview

overview

8

Static

static

3

61ddbe58a2...cs.exe

windows7-x64

8

61ddbe58a2...cs.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

61ddbe58a2fa6e96c433a267f3886ed259900ac878451a5ce2aab2d984e48bcb_NeikiAnalytics.exe
Size

2.7MB
Sample

240627-hzbhmsxhpd
MD5

4d9a1f961f123af9a70d205aadab0840
SHA1

3a13b0822fbba0a5518126e7de06d3e7ebdf00bd
SHA256

61ddbe58a2fa6e96c433a267f3886ed259900ac878451a5ce2aab2d984e48bcb
SHA512

1044ce436c414b46375492054aa911bab0c54f529a037e602a16ba88fd4be4ba086b35f52a9412d1be4071306447dfb49d51828601a329dd671fc45870e90793
SSDEEP

24576:E6UeWKwmEpuXRGEUHkT86JdNFtGvMy/E8vQsJfyqoNP1zk:E6UVKQpgo1kjJavJuufyqoNdk

Score

8^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

61ddbe58a2fa6e96c433a267f3886ed259900ac878451a5ce2aab2d984e48bcb_NeikiAnalytics.exe

Resource

win7-20240611-en

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

61ddbe58a2fa6e96c433a267f3886ed259900ac878451a5ce2aab2d984e48bcb_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  61ddbe58a2fa6e96c433a267f3886ed259900ac878451a5ce2aab2d984e48bcb_NeikiAnalytics.exe
- Size
  
  2.7MB
- MD5
  
  4d9a1f961f123af9a70d205aadab0840
- SHA1
  
  3a13b0822fbba0a5518126e7de06d3e7ebdf00bd
- SHA256
  
  61ddbe58a2fa6e96c433a267f3886ed259900ac878451a5ce2aab2d984e48bcb
- SHA512
  
  1044ce436c414b46375492054aa911bab0c54f529a037e602a16ba88fd4be4ba086b35f52a9412d1be4071306447dfb49d51828601a329dd671fc45870e90793
- SSDEEP
  
  24576:E6UeWKwmEpuXRGEUHkT86JdNFtGvMy/E8vQsJfyqoNP1zk:E6UVKQpgo1kjJavJuufyqoNdk
Score

8^/10
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy