Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-05-2024 11:33

General

  • Target
    d32d8248385f04ca5053f1d9c14d28d0_NeikiAnalytics.exe
  • Size
    480KB
  • MD5
    d32d8248385f04ca5053f1d9c14d28d0
  • SHA1
    4c24038b7f14d102cb36d97735e0d76579a5576e
  • SHA256
    40145cfbe54bb420e1af7808a1fae3d0fe8dce988b6492a5a70635e188a7093c
  • SHA512
    129bf4a1be0e2002ff2af2e2ced64984511d73b4d811d2e9cfbf4069cda31972f036b554209def297ec3a5d0ba62578f279c351362ed702f9acce0a0c1c9e88e
  • SSDEEP
    12288:AjauDReWw0IA9xkQWrutKXJ7f/BDWxQ1LqpdTd:ADDs0IA9x0rutK5/BDj1kTd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d32d8248385f04ca5053f1d9c14d28d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d32d8248385f04ca5053f1d9c14d28d0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\ProgramData\updqu.exe
      "C:\ProgramData\updqu.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:432

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Documents and Settings .exe
    Filesize: 480KB
    MD5: ab459a26f6ca644a4b1628495e3f5923
    SHA1: 83ee2ef25a10b267b6dd3dce3add191719ac9be7
    SHA256: 137e7ab9912fe5495328fa95eefcb63b16ab0b1ee0e814d3becef1f68c5d04d4
    SHA512: b61af67c32bed3ad9b0e0d6272fdf50a8e9fe40d75002e89d9a16a93554f850854e07c2f655f3e71ad3af7300193443ce963726f423f8c9ce094a3cd8e428107

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize: 136KB
    MD5: 2bd01b99551cc639ddb5cb66914904a6
    SHA1: 50beb8bab8be15271951130ac833eb19566f9333
    SHA256: 9764e531dd52e37a454c7f052a17fe7b68821dc3570286aab7bb4706639efe40
    SHA512: 374436459d62bdd62fc79b779e5aef155d7b8817e3d64e53639130be49d061a251d04a3882d403c1cacf890f91fa53e9137e551f3f6479341e09fe97c7bf2390

  • C:\ProgramData\updqu.exe
    Filesize: 343KB
    MD5: d501436a202776134947be29d55ae6c0
    SHA1: 0061da84ac614bc7649e20241595b90cb6d6132d
    SHA256: d6901f65c1d3f8ba03311d70cf7647c35d67d79c517ee8a99573ce0e344ac7ad
    SHA512: 94a9e892421f8fdbdd7cf12885667eac3393e956a19edae9684e4b53b5e2f408d8145ee649b06b3141f929bcb5fb51704b996781a169069327c9cd8a5e76d143

  • memory/432-130-0x0000000000400000-0x0000000000448000-memory.dmp
    Filesize: 288KB

  • memory/1444-0-0x0000000000400000-0x0000000000474000-memory.dmp
    Filesize: 464KB

  • memory/1444-1-0x0000000000400000-0x0000000000474000-memory.dmp
    Filesize: 464KB

  • memory/1444-9-0x0000000000400000-0x0000000000474000-memory.dmp
    Filesize: 464KB