1ee668eb89632185f28405f9edc7db30abc49c96f0d93b4dc69f622eca989df5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f16eebf4982df073947cec7046f67c0_NeikiAnalytics.exe
Size

137KB
MD5

4f16eebf4982df073947cec7046f67c0
SHA1

8fd390d5d40d623e827f68d7b72b61d2a58bb8aa
SHA256

1ee668eb89632185f28405f9edc7db30abc49c96f0d93b4dc69f622eca989df5
SHA512

9fac10c53ee677c67b07d8062d23f46d9255a710d76934cd0caa2da099e1dea77e282ea8d348b8850adb31b78213f8b6e45a0d56abb824c75e0d8b12d7bc03a1
SSDEEP

3072:AE9ByF5wP7Ht99mbaa+vKAzWvSVJSwpi6DsY:7907wTr9mea+i6WKQA

Score

8^/10

aspackv2 persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000700000002297b-7.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
2516	yvkllbe.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\yvkllbe.exe	4f16eebf4982df073947cec7046f67c0_NeikiAnalytics.exe
File created	C:\PROGRA~3\Mozilla\iavzpea.dll	yvkllbe.exe

C:\Users\Admin\AppData\Local\Temp\4f16eebf4982df073947cec7046f67c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f16eebf4982df073947cec7046f67c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3972

C:\PROGRA~3\Mozilla\yvkllbe.exe
C:\PROGRA~3\Mozilla\yvkllbe.exe -delffli
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\yvkllbe.exe

Filesize
137KB

MD5
39edd5f0fa42f43c7c17411eef457add

SHA1
601bb5dfd15a601fd8781f79b37173d1fb650f47

SHA256
6ba7f544f335ab07f4d6f9e27314bc1dcdf01915705e104614677937d83439ad

SHA512
d6f97ee483e2a02c484ee059ee877d109d82258e8316158859cd451341093dd4a144aab7f0f2dd2ec0a47ec02572eb028871d13652c0742f0df196d2a61edcc7

Download Submit
memory/2516-13-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2516-12-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2516-11-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2516-14-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2516-9-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2516-17-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3972-2-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3972-3-0x00000000020E0000-0x000000000213B000-memory.dmp

Filesize
364KB

Download
memory/3972-4-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3972-10-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3972-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3972-1-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download