General
-
Target
3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f_NeikiAnalytics.exe
-
Size
266KB
-
Sample
240701-gqggvsxgmd
-
MD5
77a611fd524d39d270036a0d8a8bce30
-
SHA1
680368e32a8696085d3c83ab13fce90aa6a22e3b
-
SHA256
3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f
-
SHA512
86bd7fc3f5cc6b270630928a5d73301688ad61ffe91238f96699eadd840f60f28af3d2d4bd80fe7a1da88fe9e5268ba3640db1d4535b575c38faf9ee61c0d08e
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sc:WFzDqa86hV6uRRqX1evPlwAEc
Static task
static1
Behavioral task
behavioral1
Sample
3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f_NeikiAnalytics.exe
-
Score
10/10
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-