35833fd954a1f2c69c8c2e65706f61ce81be3c31c0b292b772d82e982d47a1e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

35833fd954...cs.exe

windows7-x64

35833fd954...cs.exe

windows10-2004-x64

Sharing

General

Target

35833fd954a1f2c69c8c2e65706f61ce81be3c31c0b292b772d82e982d47a1e8_NeikiAnalytics.exe
Size

206KB
Sample

240701-e5jjnazbrl
MD5

1319493968a0db54c5d716f913b14060
SHA1

b2ade583a1c27b734448ca18ff1891041e34e1dc
SHA256

35833fd954a1f2c69c8c2e65706f61ce81be3c31c0b292b772d82e982d47a1e8
SHA512

c9b12ab6a20e8e29b6fb51ead2ff739f238b412a4799b7671edf8f1520c2c0f21c36b47551bf6df8bca4810b3a47f7175c1f5edbd6808a9062c754e42e3f2ef2
SSDEEP

3072:KvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unv:KvEN2U+T6i5LirrllHy4HUcMQY6E

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35833fd954a1f2c69c8c2e65706f61ce81be3c31c0b292b772d82e982d47a1e8_NeikiAnalytics.exe

Resource

win7-20240508-en

evasion persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

35833fd954a1f2c69c8c2e65706f61ce81be3c31c0b292b772d82e982d47a1e8_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

evasion persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  35833fd954a1f2c69c8c2e65706f61ce81be3c31c0b292b772d82e982d47a1e8_NeikiAnalytics.exe
- Size
  
  206KB
- MD5
  
  1319493968a0db54c5d716f913b14060
- SHA1
  
  b2ade583a1c27b734448ca18ff1891041e34e1dc
- SHA256
  
  35833fd954a1f2c69c8c2e65706f61ce81be3c31c0b292b772d82e982d47a1e8
- SHA512
  
  c9b12ab6a20e8e29b6fb51ead2ff739f238b412a4799b7671edf8f1520c2c0f21c36b47551bf6df8bca4810b3a47f7175c1f5edbd6808a9062c754e42e3f2ef2
- SSDEEP
  
  3072:KvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unv:KvEN2U+T6i5LirrllHy4HUcMQY6E
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Active Setup

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2024

Terms | Privacy