General
Target: 75adbfdd47b0e66d0774f54187125345f1ecca5f5a5314287f32c82606300bc7_NeikiAnalytics.exe
Size: 265KB
Sample: 240628-d2pe3ayfpd
MD5: 3a0b63cac94e79b0cce28ec93ff52dd0
SHA1: f47c93a086ee50fc45d66a1bebf962b24702effb
SHA256: 75adbfdd47b0e66d0774f54187125345f1ecca5f5a5314287f32c82606300bc7
SHA512: 5a37b035c469dde6ee40a209c6728f2dc791fbe5c1bcd0b30bfa20041f2c6f73b9a0298c46211d27ae0d035f859e9cf7b43f0aa06f7c47db56b20fe52c4da86b
SSDEEP: 3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sK:WFzDqa86hV6uRRqX1evPlwAEK

Static task: static1

Behavioral task: behavioral1
Sample: 75adbfdd47b0e66d0774f54187125345f1ecca5f5a5314287f32c82606300bc7_NeikiAnalytics.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 75adbfdd47b0e66d0774f54187125345f1ecca5f5a5314287f32c82606300bc7_NeikiAnalytics.exe
Resource: win10v2004-20240611-en

Malware Config
Targets
Score: 10/10

Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext