ce8883c8396a1dcee96c7fc51867e65464f2283cc3fc6944a09dfbb60b85864d

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe
Size

39KB
MD5

d435a11eb12f7ac31686484415dcfb60
SHA1

83dcbbb9354c1592a384c7b1db52742d406971ba
SHA256

ce8883c8396a1dcee96c7fc51867e65464f2283cc3fc6944a09dfbb60b85864d
SHA512

28fcf074eacb4457e0a52f6ab6b39abaa74e78ca3d60ffaa6c94e450c6202e282c2adf0c6b76dafea4192ae8b265525510a8e797eecd6ec87a42ae750f3e6877
SSDEEP

384:TPPv4oY5XBZyNPnux6G9c3gW0AC+QWWgarhuBz2:TAB5XHUuIG9c6E7WgOhuBa

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2468	opera_autoupdater.exe

Loads dropped DLL 4 IoCs

pid	Process
1740	d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe
2468	opera_autoupdater.exe
2468	opera_autoupdater.exe
2468	opera_autoupdater.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/files/0x000b000000012279-4.dat	upx
behavioral1/memory/2468-10-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/1740-9-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/2468-13-0x0000000000020000-0x000000000002D000-memory.dmp	upx
behavioral1/memory/2468-23-0x0000000000400000-0x000000000040D000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2468	1740	d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2468	1740	d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2468	1740	d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2468	1740	d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2468	1740	d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2468	1740	d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2468	1740	d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\opera_autoupdater.exe
  "C:\Users\Admin\AppData\Local\Temp\opera_autoupdater.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\opera_autoupdater.exe

Filesize
39KB

MD5
71caf8c0aa1c756fc4f33fec239163fd

SHA1
529dc3e6dab721bd3ba78c711f98758c122cd51d

SHA256
0538dd0f1457a3a663635924fc17479958fd7fd93a7746205665a87783007044

SHA512
097e2b776fe5c289cdf1896fd3ad6ed491a4d9adaaff208455481c83188cdcbc3ec73b5017dbff562b0b6fc8b488bc781e7d7b073783908d78996f318f364eb7

Download Submit
memory/1740-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1740-2-0x0000000000403000-0x0000000000404000-memory.dmp

Filesize
4KB

Download
memory/1740-9-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2468-10-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2468-13-0x0000000000020000-0x000000000002D000-memory.dmp

Filesize
52KB

Download
memory/2468-23-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download