Overview

overview

8

Static

static

7

e372907a07...cs.exe

windows7-x64

8

e372907a07...cs.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2024 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e372907a07955ec7f1b11fa741f040b0_NeikiAnalytics.exe

  • Size

    190KB

  • MD5

    e372907a07955ec7f1b11fa741f040b0

  • SHA1

    1ba1dfff2279ab148e3af687632e317b4e97a84c

  • SHA256

    7869924b70ca08c287cccb42d2842496881e08a8145797422beac93c37062781

  • SHA512

    6551d7ba9d76efb924ef2f5df634dabe9a74f4439ae6fd724a6b87a3cdc027271ea3f0782835f9f3f6eede8069f17492bef7f8c3d29dc5e4c5d0275376900ad2

  • SSDEEP

    3072:rYubs4vIPfIOKyCRfyJiJJMXybJg30TZZ+MbpqdNjfBDckH8sbigzwQjoE:Euk6fK6tixMbwNL+kDr/

Score
8/10
aspackv2persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e372907a07955ec7f1b11fa741f040b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e372907a07955ec7f1b11fa741f040b0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2084
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {6844D8C0-C6CA-4037-9661-8D81D3CB79ED} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\PROGRA~3\Mozilla\zketugg.exe
      C:\PROGRA~3\Mozilla\zketugg.exe -bsvwzxb
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\zketugg.exe
    Filesize

    190KB

    MD5

    7110d383f318860ae007024787220467

    SHA1

    c6bb9c0021efd292ae7a3ee124a3ccf0e0ea26d8

    SHA256

    7c9aba4658d08adeb717977d45c45919fed405e72766731a89232dd06d865308

    SHA512

    68c8423cec492da198823aaf999c47610ca5596935778210c60f965ad29fe6cc618999eba0e098f16d32607bad790c25a47bbc0fca721972f95a8d20ca146ecc

    Download Submit

  • memory/2084-3-0x00000000002B0000-0x000000000030B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2084-2-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2084-0-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2084-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2084-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2084-1-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2648-9-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2648-11-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2648-10-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2648-12-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2648-13-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2648-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download