Analysis
-
max time kernel
135s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
01-07-2024 08:38
General
-
Target
43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe
-
Size
2.4MB
-
MD5
61dac54b7073bfdd947c235a2eddc210
-
SHA1
69f06bc250c6676cbc400a86e151c39c25dfeec5
-
SHA256
43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8
-
SHA512
7e2ac7a1497d2c948ba702f2c3206f53226eb699bc6079032804f2c22c0b1eb09a4c8e2c1694fdc33054f5ca2bd9b0ebda51953c8d20dc58bfb707ba6de543c8
-
SSDEEP
49152:L3KoBQxG9i9w4QclMHG/m9FBiC1y/uUNxff0vhtAFE9P/qX/SBi:L3KkQMcNQlHG/oF8aUz0vnx94
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 1 IoCs
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Drops file in Program Files directory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\43e15cc43184cdba5f3e2b986524d104f524bd17dd3e4e589953edeb993baff8_NeikiAnalytics.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Drops file in Program Files directory
-
C:\PROGRA~3\Mozilla\beomoch.exeC:\PROGRA~3\Mozilla\beomoch.exe -yidwxfj1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Mozilla\beomoch.exeFilesize
2.4MB
MD535ae5f1c66211f1a90d88a8bbbc86c78
SHA1e266486633daa10920635175d710a618ee285f77
SHA256c7eae21daaab37c07c6d07ee6890246dbde3fe4bb487d142c3e64b9161e13eed
SHA5126c49e258886a33c05f23ce8cd28b2185cd7bb0b9561792ac9332175b2a1bc8230a7211dc156a4a6c1d2ea1947a921d1da9f55d9beb969b7a6b91f09a25eb3af7
-
memory/668-0-0x0000000000400000-0x0000000000A91000-memory.dmpFilesize
6.6MB
-
memory/668-1-0x0000000002BD0000-0x0000000002C2B000-memory.dmpFilesize
364KB
-
memory/668-2-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB
-
memory/668-7-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB
-
memory/2924-8-0x0000000000400000-0x0000000000A91000-memory.dmpFilesize
6.6MB
-
memory/2924-10-0x0000000000400000-0x0000000000A91000-memory.dmpFilesize
6.6MB
-
memory/2924-9-0x0000000000400000-0x0000000000A91000-memory.dmpFilesize
6.6MB
-
memory/2924-13-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB