46884269c16b48d583bff45769afcc52f7b72684c1678a8de138087c1d9e4991

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46884269c16b48d583bff45769afcc52f7b72684c1678a8de138087c1d9e4991_NeikiAnalytics.exe
Size

61KB
MD5

a482dae9e61998a83035c6d08113c5f0
SHA1

8e467058d8f1741b78112bad50c4af7410757587
SHA256

46884269c16b48d583bff45769afcc52f7b72684c1678a8de138087c1d9e4991
SHA512

56c7abafc9bceee27ce8a80495770079542d6aa3c0305308e59c0f92e6d5b407303b3f5431e2fd1fc2137a2ad6fe2cf78f923b6431c20cd1c3a7aee335f0e46d
SSDEEP

768:Ne15NAJKtZan8/fyRja9Dg6YmAgJP4dkUCbJV9LSPBnCc7/X7qW:Ne1ACMWhY1oPXUCbJVIph7/Xh

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 47 IoCs

Web Service

T1102

flow	ioc
36	pastebin.com
13	pastebin.com
17	pastebin.com
25	pastebin.com
30	pastebin.com
31	pastebin.com
42	pastebin.com
2	pastebin.com
6	pastebin.com
15	pastebin.com
27	pastebin.com
41	pastebin.com
10	pastebin.com
12	pastebin.com
16	pastebin.com
38	pastebin.com
44	pastebin.com
47	pastebin.com
7	pastebin.com
20	pastebin.com
22	pastebin.com
34	pastebin.com
45	pastebin.com
8	pastebin.com
11	pastebin.com
32	pastebin.com
35	pastebin.com
3	pastebin.com
5	pastebin.com
19	pastebin.com
24	pastebin.com
39	pastebin.com
46	pastebin.com
18	pastebin.com
23	pastebin.com
28	pastebin.com
29	pastebin.com
37	pastebin.com
33	pastebin.com
40	pastebin.com
43	pastebin.com
4	pastebin.com
9	pastebin.com
14	pastebin.com
21	pastebin.com
26	pastebin.com
48	pastebin.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2804	46884269c16b48d583bff45769afcc52f7b72684c1678a8de138087c1d9e4991_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\46884269c16b48d583bff45769afcc52f7b72684c1678a8de138087c1d9e4991_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\46884269c16b48d583bff45769afcc52f7b72684c1678a8de138087c1d9e4991_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2804-0-0x000007FEF4D53000-0x000007FEF4D54000-memory.dmp

Filesize
4KB

Download
memory/2804-1-0x0000000000DB0000-0x0000000000DC6000-memory.dmp

Filesize
88KB

Download
memory/2804-2-0x0000000000150000-0x0000000000156000-memory.dmp

Filesize
24KB

Download
memory/2804-3-0x000007FEF4D50000-0x000007FEF573C000-memory.dmp

Filesize
9.9MB

Download
memory/2804-4-0x000007FEF4D53000-0x000007FEF4D54000-memory.dmp

Filesize
4KB

Download
memory/2804-5-0x000007FEF4D50000-0x000007FEF573C000-memory.dmp

Filesize
9.9MB

Download