Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/05/2024, 11:37 UTC

General

  • Target

    d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe

  • Size

    39KB

  • MD5

    d435a11eb12f7ac31686484415dcfb60

  • SHA1

    83dcbbb9354c1592a384c7b1db52742d406971ba

  • SHA256

    ce8883c8396a1dcee96c7fc51867e65464f2283cc3fc6944a09dfbb60b85864d

  • SHA512

    28fcf074eacb4457e0a52f6ab6b39abaa74e78ca3d60ffaa6c94e450c6202e282c2adf0c6b76dafea4192ae8b265525510a8e797eecd6ec87a42ae750f3e6877

  • SSDEEP

    384:TPPv4oY5XBZyNPnux6G9c3gW0AC+QWWgarhuBz2:TAB5XHUuIG9c6E7WgOhuBa

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d435a11eb12f7ac31686484415dcfb60_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Users\Admin\AppData\Local\Temp\opera_autoupdater.exe
      "C:\Users\Admin\AppData\Local\Temp\opera_autoupdater.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2468

Network

  • flag-us
    DNS
    ncaappraisers.com
    opera_autoupdater.exe
    Remote address:
    8.8.8.8:53
    Request
    ncaappraisers.com
    IN A
    Response
    ncaappraisers.com
    IN A
    216.245.197.42
  • flag-us
    GET
    http://ncaappraisers.com/images/0203UKc.enc
    opera_autoupdater.exe
    Remote address:
    216.245.197.42:80
    Request
    GET /images/0203UKc.enc HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: ncaappraisers.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 496
    content-type: text/html; charset=utf-8
    date: Fri, 10 May 2024 11:37:56 GMT
    server: nginx
    set-cookie: sid=beedda50-0ec1-11ef-b252-8554600bf9db; path=/; domain=.ncaappraisers.com; expires=Wed, 28 May 2092 14:52:03 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    lbindustries.org
    opera_autoupdater.exe
    Remote address:
    8.8.8.8:53
    Request
    lbindustries.org
    IN A
    Response
    lbindustries.org
    IN A
    208.91.197.132
  • flag-us
    GET
    http://lbindustries.org/images/banners/0203UKc.enc
    opera_autoupdater.exe
    Remote address:
    208.91.197.132:80
    Request
    GET /images/banners/0203UKc.enc HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: lbindustries.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 10 May 2024 11:37:55 GMT
    Server: Apache
    Content-Length: 302
    Content-Type: text/html; charset=UTF-8
  • flag-us
    GET
    http://lbindustries.org/images/banners/0203UKc.enc
    opera_autoupdater.exe
    Remote address:
    208.91.197.132:80
    Request
    GET /images/banners/0203UKc.enc HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: lbindustries.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 10 May 2024 11:37:56 GMT
    Server: Apache
    Content-Length: 302
    Content-Type: text/html; charset=UTF-8
  • flag-us
    GET
    http://lbindustries.org/images/banners/0203UKc.enc
    opera_autoupdater.exe
    Remote address:
    208.91.197.132:80
    Request
    GET /images/banners/0203UKc.enc HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: lbindustries.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 10 May 2024 11:37:56 GMT
    Server: Apache
    Content-Length: 302
    Content-Type: text/html; charset=UTF-8
  • flag-us
    GET
    http://lbindustries.org/images/banners/0203UKc.enc
    opera_autoupdater.exe
    Remote address:
    208.91.197.132:80
    Request
    GET /images/banners/0203UKc.enc HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: lbindustries.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 10 May 2024 11:37:57 GMT
    Server: Apache
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • flag-us
    GET
    http://ncaappraisers.com/images/0203UKc.enc
    opera_autoupdater.exe
    Remote address:
    216.245.197.42:80
    Request
    GET /images/0203UKc.enc HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: ncaappraisers.com
    Cache-Control: no-cache
    Cookie: sid=beedda50-0ec1-11ef-b252-8554600bf9db
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 496
    content-type: text/html; charset=utf-8
    date: Fri, 10 May 2024 11:37:56 GMT
    server: nginx
  • flag-us
    GET
    http://ncaappraisers.com/images/0203UKc.enc
    opera_autoupdater.exe
    Remote address:
    216.245.197.42:80
    Request
    GET /images/0203UKc.enc HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: ncaappraisers.com
    Cache-Control: no-cache
    Cookie: sid=beedda50-0ec1-11ef-b252-8554600bf9db
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 496
    content-type: text/html; charset=utf-8
    date: Fri, 10 May 2024 11:37:57 GMT
    server: nginx
  • flag-us
    GET
    http://ncaappraisers.com/images/0203UKc.enc
    opera_autoupdater.exe
    Remote address:
    216.245.197.42:80
    Request
    GET /images/0203UKc.enc HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: ncaappraisers.com
    Cache-Control: no-cache
    Cookie: sid=beedda50-0ec1-11ef-b252-8554600bf9db
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 496
    content-type: text/html; charset=utf-8
    date: Fri, 10 May 2024 11:37:57 GMT
    server: nginx
  • 216.245.197.42:80
    http://ncaappraisers.com/images/0203UKc.enc
    http
    opera_autoupdater.exe
    379 B
    1.1kB
    5
    5

    HTTP Request

    GET http://ncaappraisers.com/images/0203UKc.enc

    HTTP Response

    200
  • 208.91.197.132:80
    http://lbindustries.org/images/banners/0203UKc.enc
    http
    opera_autoupdater.exe
    2.1kB
    66.9kB
    33
    58

    HTTP Request

    GET http://lbindustries.org/images/banners/0203UKc.enc

    HTTP Response

    403

    HTTP Request

    GET http://lbindustries.org/images/banners/0203UKc.enc

    HTTP Response

    403

    HTTP Request

    GET http://lbindustries.org/images/banners/0203UKc.enc

    HTTP Response

    403

    HTTP Request

    GET http://lbindustries.org/images/banners/0203UKc.enc

    HTTP Response

    403
  • 216.245.197.42:80
    http://ncaappraisers.com/images/0203UKc.enc
    http
    opera_autoupdater.exe
    429 B
    991 B
    5
    5

    HTTP Request

    GET http://ncaappraisers.com/images/0203UKc.enc

    HTTP Response

    200
  • 216.245.197.42:80
    http://ncaappraisers.com/images/0203UKc.enc
    http
    opera_autoupdater.exe
    429 B
    991 B
    5
    5

    HTTP Request

    GET http://ncaappraisers.com/images/0203UKc.enc

    HTTP Response

    200
  • 216.245.197.42:80
    http://ncaappraisers.com/images/0203UKc.enc
    http
    opera_autoupdater.exe
    383 B
    991 B
    4
    5

    HTTP Request

    GET http://ncaappraisers.com/images/0203UKc.enc

    HTTP Response

    200
  • 8.8.8.8:53
    ncaappraisers.com
    dns
    opera_autoupdater.exe
    63 B
    79 B
    1
    1

    DNS Request

    ncaappraisers.com

    DNS Response

    216.245.197.42

  • 8.8.8.8:53
    lbindustries.org
    dns
    opera_autoupdater.exe
    62 B
    78 B
    1
    1

    DNS Request

    lbindustries.org

    DNS Response

    208.91.197.132

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\opera_autoupdater.exe

    Filesize

    39KB

    MD5

    71caf8c0aa1c756fc4f33fec239163fd

    SHA1

    529dc3e6dab721bd3ba78c711f98758c122cd51d

    SHA256

    0538dd0f1457a3a663635924fc17479958fd7fd93a7746205665a87783007044

    SHA512

    097e2b776fe5c289cdf1896fd3ad6ed491a4d9adaaff208455481c83188cdcbc3ec73b5017dbff562b0b6fc8b488bc781e7d7b073783908d78996f318f364eb7

  • memory/1740-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/1740-2-0x0000000000403000-0x0000000000404000-memory.dmp

    Filesize

    4KB

  • memory/1740-9-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2468-10-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2468-13-0x0000000000020000-0x000000000002D000-memory.dmp

    Filesize

    52KB

  • memory/2468-23-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB
