7869924b70ca08c287cccb42d2842496881e08a8145797422beac93c37062781

Analysis

max time kernel
137s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e372907a07955ec7f1b11fa741f040b0_NeikiAnalytics.exe
Size

190KB
MD5

e372907a07955ec7f1b11fa741f040b0
SHA1

1ba1dfff2279ab148e3af687632e317b4e97a84c
SHA256

7869924b70ca08c287cccb42d2842496881e08a8145797422beac93c37062781
SHA512

6551d7ba9d76efb924ef2f5df634dabe9a74f4439ae6fd724a6b87a3cdc027271ea3f0782835f9f3f6eede8069f17492bef7f8c3d29dc5e4c5d0275376900ad2
SSDEEP

3072:rYubs4vIPfIOKyCRfyJiJJMXybJg30TZZ+MbpqdNjfBDckH8sbigzwQjoE:Euk6fK6tixMbwNL+kDr/

Score

8^/10

aspackv2 persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0008000000023265-7.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
4188	crdkdxb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\crdkdxb.exe	e372907a07955ec7f1b11fa741f040b0_NeikiAnalytics.exe
File created	C:\PROGRA~3\Mozilla\xczzoaa.dll	crdkdxb.exe

C:\Users\Admin\AppData\Local\Temp\e372907a07955ec7f1b11fa741f040b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e372907a07955ec7f1b11fa741f040b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2252

C:\PROGRA~3\Mozilla\crdkdxb.exe
C:\PROGRA~3\Mozilla\crdkdxb.exe -ofessij
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\crdkdxb.exe

Filesize
190KB

MD5
b1bf0c49baf90b6c0a0d68567b182e9b

SHA1
2e2a55048d6f2e9c0c89236465f2902a8f5ebb34

SHA256
4684688b90aefb37cf9696ac075f6d4be7bacf91d13b37981fdb76b08168a7bc

SHA512
17dd3ade832f7fd78fabc6f4aa8d816b3daa039ce9092d67009e7c88ff80527ffc96c4d6dd56baa5026f05198a25d9a101dd793e36d6f957f381497aa5085f46

Download Submit
memory/2252-10-0x0000000002200000-0x000000000225B000-memory.dmp

Filesize
364KB

Download
memory/2252-1-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2252-3-0x0000000002200000-0x000000000225B000-memory.dmp

Filesize
364KB

Download
memory/2252-4-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2252-2-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2252-0-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2252-9-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4188-13-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4188-12-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4188-15-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4188-14-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4188-18-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download