Analysis
-
max time kernel
29s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
01-07-2024 05:07
General
-
Target
37936f6659f9f0b86a65c4cc268b0d735d5bcf94fce508d04d6b52cd20593c18_NeikiAnalytics.exe
-
Size
1.2MB
-
MD5
acf7c84c4c09174e064701ddf45917f0
-
SHA1
fbd86abbd4425fecc03608d4c475e141e5cfd9b0
-
SHA256
37936f6659f9f0b86a65c4cc268b0d735d5bcf94fce508d04d6b52cd20593c18
-
SHA512
ab5c75d63ea9f666ca765457ef08da76a3fbcccd7dc7cd719bd9a11a6e51e88038290c677ef58879329dbc7276efb6c3415df1a8c3f979c7fe46ee2cd544cb9d
-
SSDEEP
12288:02xYlc+pFByStv9JRa//inz86NRo1qiRlUWC4kXzVC3:BAc+pFB5z+//ufNRoZW
Malware Config
Signatures
-
Executes dropped EXE 5 IoCs
-
Drops file in System32 directory 6 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37936f6659f9f0b86a65c4cc268b0d735d5bcf94fce508d04d6b52cd20593c18_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\37936f6659f9f0b86a65c4cc268b0d735d5bcf94fce508d04d6b52cd20593c18_NeikiAnalytics.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exeFilesize
2.2MB
MD5ddc47c1e4e20eea9cbee2370973fddbd
SHA13c77509b0fb68df0272d2bbeb0fa73af67d41bb1
SHA256d51f4d64e89f3ba75f23b0fe7d2eb41bb3838fec39b2f25e7e7e765b2891da40
SHA5122404675722bc22c7e9017e260a727767b57c89a09fc2f7ace89a58b24fe3ab791547c80da40c039248f80be62b331b01baff429394070b0c064281ef7bb1673e
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeFilesize
1.4MB
MD5435455b5d3dc5a6a6a66159213cf7195
SHA10784a77fe21772a2f2c2534f2e94df074c4741cd
SHA256824b02c83b180cb5213678911b379605565f7564abf4a33d9462298f41ee6444
SHA512b87a2d4ab3632e9f7d40b15d5d0c110ddf535ae33507e131c1ce6ba9c3bdeba8db886689615b9a3cfe302ce7c08afc518e9c7349787f81c1eacdda740cca0949
-
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXEFilesize
1.4MB
MD594c8458ff13ab7a40e2fe1f28e82d243
SHA1d10d8585614c8926ecdb4b08ce1547b2f408f9e4
SHA25615241c71709fb00af80e1ce3abe50904d4d7bb2e1e918dfc68c67576974ffd92
SHA512a4a9ccf08ba45a92b1003039c03d190fad2d5774e9d128800db5baf890dd77617c3c478c3d65bae3812dd93a7b4e1127a32113d507c2a7f7a0a6a23ce7185c9e
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exeFilesize
2.1MB
MD5324babf487ec6c68dcd1a536d3f34eff
SHA110dcca498aed9c6a9438572067ca9a6969ec7e1f
SHA256a3157aa0c3f6891622271357d58901baa4f69bd7805cc80045f09e5c46a0ff62
SHA5125b3f32753624859e79c376bec0959a8d300a14b6107f8b05446daa374ecd50def6a7685b940149973774df1badd8c88261c6339031d4daa7e37a187ca8f14c34
-
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeFilesize
1.3MB
MD5b8a2e75a4f1e39c4965ca4a3dbf70632
SHA123e21a44ee36c9939075a2ceb767a8e1f733f141
SHA256f1e5ea9fb1cb2c18d728792199202e7e1ece01ecb7d25cab6851ca3b88c5b2bd
SHA512a57a66e477f15576ca4c9147cb6302f5a36f048861621f5f680e4356c75bba55c9dfcb2c47ce4d15c646a9a5c19055e1f24a3798712c78095eaac12af9ef3e82
-
C:\Windows\System32\FXSSVC.exeFilesize
1.2MB
MD5073cf2947b80a90e2ebc14b396d49be9
SHA181e7428a5986379e2cfe39f0146129f3e0040e1d
SHA256c3947d19cfd1258b58f2eb9c803b119df75dd93fd001d426f095603a9abc0e2d
SHA5127e51939fe77cb3f4867f121cd799da9ef8225a2f884c6c29953268acbcd9a5c0c7d05b6333da6e239f0a1895d2daf9d00d252ac5ec103a2048562308090fbc65
-
C:\Windows\System32\alg.exeFilesize
1.3MB
MD5504ebbb7e5ce647b4861beea104ca7c4
SHA1411d6acfa0d3722948f235f5605898eb61a9f744
SHA2564f68613fa92839b11a666874cf19364f65a77e055fb45bab410e6f106bb9fa98
SHA5127bdeb1ed6a83d7fdf1343f0366d2c2bd3bff7d85563a6bfb1dc706139a6305e3db606ebf6cb106a6c839e30af9e67148b26f720cd0d269922b16b9eddd5e807f
-
C:\Windows\System32\msdtc.exeFilesize
1.3MB
MD5d1441658d2b5970bfd96a8b7eccf5d22
SHA15ae8b6e8150551aa7c78de9e980df64bcc49bcf4
SHA256f355579c5e6a905cbf47a23ec4d1411db9b17158a99a47f90c9c26014b554d96
SHA512f35c4bfb4f180e463c77a82bdc355402149a5ebf68199a8345c6681bf9f378e4d46f1324b2f545a3e1ca08f04e546e209ae0385f789e505a80f022669109d723
-
C:\Windows\system32\AppVClient.exeFilesize
1.3MB
MD50f2fd59b7c9bc8cf6568ac57d273d51c
SHA112a2474ece60e5e26baa739987563f21cdb2e9d7
SHA256f54894e639beabcec073d6daa203e76e226043dfde28c4166e47510c2c93689f
SHA5120cc28907572ccf4dd60d76402af20368c310406ef01e7f2591c00be8753e74dee92c5fa3c9fa4347b28c196f056510bf2786c489c457891da583db7af8dc3cff
-
C:\Windows\system32\msiexec.exeFilesize
1.2MB
MD5ebb2e9f3ca61364156ef48a64005ca8e
SHA18f053ec1f049d9d3f94090a772eed243f86ec9ae
SHA2569715c78ca36645efab7a74b74d62589668c555b706d3ff4b7e1377de9eb16196
SHA512de0082d17f2edb514829d65fb6be001aed30d1f1ae273c8ddb931701a438fe4a6b3a821bd5fbcd9dc0c7d2fdd1a21facd1af4d9e23950235633b35f0c0e36a70
-
memory/456-32-0x0000000000700000-0x0000000000760000-memory.dmpFilesize
384KB
-
memory/456-27-0x0000000000700000-0x0000000000760000-memory.dmpFilesize
384KB
-
memory/456-124-0x0000000140000000-0x00000001401E8000-memory.dmpFilesize
1.9MB
-
memory/456-34-0x0000000140000000-0x00000001401E8000-memory.dmpFilesize
1.9MB
-
memory/1472-12-0x0000000000750000-0x00000000007B0000-memory.dmpFilesize
384KB
-
memory/1472-18-0x0000000000750000-0x00000000007B0000-memory.dmpFilesize
384KB
-
memory/1472-21-0x0000000140000000-0x00000001401E9000-memory.dmpFilesize
1.9MB
-
memory/1588-81-0x0000000140000000-0x0000000140209000-memory.dmpFilesize
2.0MB
-
memory/1588-80-0x0000000000C00000-0x0000000000C60000-memory.dmpFilesize
384KB
-
memory/1588-85-0x0000000140000000-0x0000000140209000-memory.dmpFilesize
2.0MB
-
memory/1588-74-0x0000000000C00000-0x0000000000C60000-memory.dmpFilesize
384KB
-
memory/1588-83-0x0000000000C00000-0x0000000000C60000-memory.dmpFilesize
384KB
-
memory/2040-69-0x0000000000990000-0x00000000009F0000-memory.dmpFilesize
384KB
-
memory/2040-187-0x0000000140000000-0x0000000140245000-memory.dmpFilesize
2.3MB
-
memory/2040-62-0x0000000000990000-0x00000000009F0000-memory.dmpFilesize
384KB
-
memory/2040-68-0x0000000140000000-0x0000000140245000-memory.dmpFilesize
2.3MB
-
memory/2212-88-0x0000000140000000-0x00000001401F8000-memory.dmpFilesize
2.0MB
-
memory/2212-89-0x00000000007E0000-0x0000000000840000-memory.dmpFilesize
384KB
-
memory/2212-210-0x0000000140000000-0x00000001401F8000-memory.dmpFilesize
2.0MB
-
memory/2604-51-0x0000000140000000-0x0000000140237000-memory.dmpFilesize
2.2MB
-
memory/2604-168-0x0000000140000000-0x0000000140237000-memory.dmpFilesize
2.2MB
-
memory/2604-52-0x0000000000530000-0x0000000000590000-memory.dmpFilesize
384KB
-
memory/2604-58-0x0000000000530000-0x0000000000590000-memory.dmpFilesize
384KB
-
memory/3316-211-0x0000000140000000-0x000000014020E000-memory.dmpFilesize
2.1MB
-
memory/3316-111-0x0000000140000000-0x000000014020E000-memory.dmpFilesize
2.1MB
-
memory/4684-44-0x0000000000930000-0x0000000000990000-memory.dmpFilesize
384KB
-
memory/4684-37-0x0000000140000000-0x0000000140135000-memory.dmpFilesize
1.2MB
-
memory/4684-38-0x0000000000930000-0x0000000000990000-memory.dmpFilesize
384KB
-
memory/4684-46-0x0000000000930000-0x0000000000990000-memory.dmpFilesize
384KB
-
memory/4684-49-0x0000000140000000-0x0000000140135000-memory.dmpFilesize
1.2MB
-
memory/5108-7-0x0000000000AE0000-0x0000000000B47000-memory.dmpFilesize
412KB
-
memory/5108-25-0x0000000010000000-0x00000000101DE000-memory.dmpFilesize
1.9MB
-
memory/5108-119-0x0000000010000000-0x00000000101DE000-memory.dmpFilesize
1.9MB
-
memory/5108-6-0x0000000000AE0000-0x0000000000B47000-memory.dmpFilesize
412KB
-
memory/5108-1-0x0000000000AE0000-0x0000000000B47000-memory.dmpFilesize
412KB
-
memory/5108-0-0x0000000010000000-0x00000000101DE000-memory.dmpFilesize
1.9MB