Analysis

  • max time kernel
    158s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-07-2024 13:44

General

  • Target

    563249d0cc8c7037cb036019814b15491e914285bc74e76778fef2542fdc2974_NeikiAnalytics.exe

  • Size

    29KB

  • MD5

    915d508160958448af2e4ac91e272180

  • SHA1

    d950da999dca6a089c4d3ac9ef994383a9597bbd

  • SHA256

    563249d0cc8c7037cb036019814b15491e914285bc74e76778fef2542fdc2974

  • SHA512

    27d4e6121f3a4bb05ec20e8d5bce1048c417f809b9a6eae97424fc9a3e466a12b9d3f99cdd4fba67e09ae3d0a273474ab85f31333c4624f82eacce24e19402bc

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Sco:AEwVs+0jNDY1qi/qNo

Malware Config

Signatures

  • Detected Microsoft Outlook phishing page
  • Executes dropped EXE 1 IoCs
  • UPX packed file 28 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\563249d0cc8c7037cb036019814b15491e914285bc74e76778fef2542fdc2974_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\563249d0cc8c7037cb036019814b15491e914285bc74e76778fef2542fdc2974_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1224
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3808 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    PID:3260

Network

MITRE ATT&CK Enterprise v15

Downloads
