3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
Size

32KB
MD5

ee12b036af35633f514c32eb26573290
SHA1

e89ccca2741e1ff6358d5b64a120e3a97c8ef64b
SHA256

3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48
SHA512

25d6e7db064e48dd41e22a8b6962ee4c21f841d2e78efb28ac490b2271d3b61333ff9a4f3fa4c11a222eb27980f7507a29c468d73f5db2e216bd522fcb66cf73
SSDEEP

384:Q98xUHQA18Vy4Ng8zLeirerI2Z1JQad0k5yQhbj/djEVvUPX4fOg:Twi/gopT22Kjj1wVvUPX8Og

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\AeLookupSvc = "C:\\Users\\Admin\\AppData\\Local\\AeLookupSvc.exe"	regedit.exe

Runs .reg file with regedit 1 IoCs

pid	Process
1768	regedit.exe

Suspicious behavior: RenamesItself 2 IoCs

pid	Process
352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 352 wrote to memory of 1768	352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe	28
PID 352 wrote to memory of 1768	352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe	28
PID 352 wrote to memory of 1768	352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe	28
PID 352 wrote to memory of 1768	352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe	28
PID 352 wrote to memory of 1768	352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe	28
PID 352 wrote to memory of 1768	352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe	28
PID 352 wrote to memory of 1768	352	3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:352
- C:\Windows\SysWOW64\regedit.exe
  regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
  2⤵
  - Adds Run key to start application
  - Runs .reg file with regedit
  PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\AeLookupSvc.exe

Filesize
32KB

MD5
39f53522be482461a29fee811dd0dc03

SHA1
541f609733c014aa2096e4149d82013ca05aadea

SHA256
9956d0d69d8e18fa5cc2103a368959e7e178f66d260b34911d47455cc928a99f

SHA512
91f4a0965d7517cd13a4b51ac1afb97caf37da6eb2b4b944380381d7e68591172862966e2d5e2b7dd6c02b51b9d04327fb672a52e6467869a2a83babe78870ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\~dfds3.reg

Filesize
174B

MD5
8c22944c5ba3c55d17fbcc34afb817f8

SHA1
d8c04aea262c3db91473ad412ae653dc16eed885

SHA256
2fdaf5ba61fb94c57d70d515520bf83103e3e85629c6fb1180b8e0313e81ac23

SHA512
18ca896ba5e866fd7486969fa22d438b7a1f46ee36bb89cbbdb84fc2e7ad6b1b5969b4d21d72d93a62575ed09b39531c010757132ea6ab86868999c6171218ad

Download Submit
memory/352-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/352-2-0x0000000000020000-0x0000000000028000-memory.dmp

Filesize
32KB

Download
memory/352-1-0x0000000000020000-0x0000000000028000-memory.dmp

Filesize
32KB

Download
memory/352-12-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads