Analysis
-
max time kernel
135s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
01-07-2024 08:38
Behavioral task
behavioral1
Sample
43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe
-
Size
2.4MB
-
MD5
61dac54b7073bfdd947c235a2eddc210
-
SHA1
69f06bc250c6676cbc400a86e151c39c25dfeec5
-
SHA256
43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8
-
SHA512
7e2ac7a1497d2c948ba702f2c3206f53226eb699bc6079032804f2c22c0b1eb09a4c8e2c1694fdc33054f5ca2bd9b0ebda51953c8d20dc58bfb707ba6de543c8
-
SSDEEP
49152:L3KoBQxG9i9w4QclMHG/m9FBiC1y/uUNxff0vhtAFE9P/qX/SBi:L3KkQMcNQlHG/oF8aUz0vnx94
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
Processes:
beomoch.exe43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ beomoch.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe -
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
beomoch.exe43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion beomoch.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion beomoch.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe -
Executes dropped EXE 1 IoCs
Processes:
beomoch.exepid process 2924 beomoch.exe -
Processes:
resource yara_rule behavioral2/memory/668-0-0x0000000000400000-0x0000000000A91000-memory.dmp themida C:\ProgramData\Mozilla\beomoch.exe themida behavioral2/memory/2924-8-0x0000000000400000-0x0000000000A91000-memory.dmp themida -
Processes:
43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exebeomoch.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA beomoch.exe -
Drops file in Program Files directory 2 IoCs
Processes:
43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exebeomoch.exedescription ioc process File created C:\PROGRA~3\Mozilla\beomoch.exe 43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe File created C:\PROGRA~3\Mozilla\pahuyne.dll beomoch.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Drops file in Program Files directory
-
C:\PROGRA~3\Mozilla\beomoch.exeC:\PROGRA~3\Mozilla\beomoch.exe -yidwxfj1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Mozilla\beomoch.exeFilesize
2.4MB
MD535ae5f1c66211f1a90d88a8bbbc86c78
SHA1e266486633daa10920635175d710a618ee285f77
SHA256c7eae21daaab37c07c6d07ee6890246dbde3fe4bb487d142c3e64b9161e13eed
SHA5126c49e258886a33c05f23ce8cd28b2185cd7bb0b9561792ac9332175b2a1bc8230a7211dc156a4a6c1d2ea1947a921d1da9f55d9beb969b7a6b91f09a25eb3af7
-
memory/668-0-0x0000000000400000-0x0000000000A91000-memory.dmpFilesize
6.6MB
-
memory/668-1-0x0000000002BD0000-0x0000000002C2B000-memory.dmpFilesize
364KB
-
memory/668-2-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB
-
memory/668-7-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB
-
memory/2924-8-0x0000000000400000-0x0000000000A91000-memory.dmpFilesize
6.6MB
-
memory/2924-10-0x0000000000400000-0x0000000000A91000-memory.dmpFilesize
6.6MB
-
memory/2924-9-0x0000000000400000-0x0000000000A91000-memory.dmpFilesize
6.6MB
-
memory/2924-13-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB