Overview

overview

10

Static

static

7

6259428e22...cs.exe

windows7-x64

7

6259428e22...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    12-05-2024 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6259428e226dabc3588958b427d10100_NeikiAnalytics.exe

  • Size

    130KB

  • MD5

    6259428e226dabc3588958b427d10100

  • SHA1

    93a5472b819cb59d99c9f7895dca7a787275f05d

  • SHA256

    f20d05e66f24d54610761277ef3bbbc20b6b6aab1f66204c83435f836129a2bb

  • SHA512

    f820df6051c9d07da9d737fb54e7dede7524f3935c155f3a032c3ca64a8e060ffa295860cf9491ebba8c10da60e1045c555f4dd9c72d2d9f2dd59814e7afb03e

  • SSDEEP

    1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmX:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6259428e226dabc3588958b427d10100_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6259428e226dabc3588958b427d10100_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1936
    • C:\Users\Admin\AppData\Local\Temp\6259428e226dabc3588958b427d10100_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6259428e226dabc3588958b427d10100_NeikiAnalytics.exe"
      2⤵
        PID:217320
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\BEPRM.bat" "
          3⤵
            PID:71160
            • C:\Windows\SysWOW64\reg.exe
              REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v ".Flasfh" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe" /f
              4⤵
                PID:219448
            • C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe
              "C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe"
              3⤵
                PID:219988

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\BEPRM.bat
            Filesize

            145B

            MD5

            da0cbe87b720a79b294147ed6a4b98be

            SHA1

            ebf0dc9efd7a12cb192e355cda87546acb4ab360

            SHA256

            7ccfeff356fdccc9145bd1e263aa1c56360ca7b6552ed5a5665c596d02a627ed

            SHA512

            f55c4a3d24d2f11db5eda3c816d1cd3b8804a171a7bf715b13d60788247fbb352eafaa5bd4e0a8086c1013396be0a48c7bdb904ab0f974fa0c75e81e3d365acc

            Download Submit
          • \Users\Admin\AppData\Roaming\..Flash\Flaseher.exe
            Filesize

            130KB

            MD5

            109e6c0d539bb4c5492986f58c54629a

            SHA1

            c75b8f5d85acf53fe7343c959551735d06bc3d82

            SHA256

            1d2cf11540c508e018c53b5e7a781b6fcf06b774682b72d45d0651ac92dd6e9f

            SHA512

            e1ec9285663ada1ecb69bdb3bb6755cbd442c185d67b00f9091d5e19a6f4ff7900c38e2a5f698414e09719b3ef5954ad1801bf1905271414bb4eef1e559494a5

            Download Submit
          • memory/1936-21-0x00000000003B0000-0x00000000003B1000-memory.dmp
            Filesize

            4KB

            Download
          • memory/1936-798789-0x0000000002760000-0x0000000002783000-memory.dmp
            Filesize

            140KB

            Download
          • memory/1936-0-0x0000000000400000-0x0000000000423000-memory.dmp
            Filesize

            140KB

            Download
          • memory/1936-41-0x0000000000510000-0x0000000000511000-memory.dmp
            Filesize

            4KB

            Download
          • memory/1936-51-0x0000000000550000-0x0000000000551000-memory.dmp
            Filesize

            4KB

            Download
          • memory/1936-53-0x0000000000416000-0x0000000000417000-memory.dmp
            Filesize

            4KB

            Download
          • memory/1936-119-0x0000000000400000-0x0000000000423000-memory.dmp
            Filesize

            140KB

            Download
          • memory/1936-3-0x00000000001C0000-0x00000000001C1000-memory.dmp
            Filesize

            4KB

            Download
          • memory/1936-11-0x0000000000270000-0x0000000000271000-memory.dmp
            Filesize

            4KB

            Download
          • memory/1936-798800-0x0000000000400000-0x0000000000423000-memory.dmp
            Filesize

            140KB

            Download
          • memory/1936-9-0x0000000000270000-0x0000000000271000-memory.dmp
            Filesize

            4KB

            Download
          • memory/217320-798798-0x0000000000400000-0x000000000040B000-memory.dmp
            Filesize

            44KB

            Download
          • memory/217320-798828-0x0000000001E30000-0x0000000001E53000-memory.dmp
            Filesize

            140KB

            Download
          • memory/217320-798843-0x0000000003330000-0x0000000003353000-memory.dmp
            Filesize

            140KB

            Download
          • memory/217320-798842-0x0000000003330000-0x0000000003353000-memory.dmp
            Filesize

            140KB

            Download
          • memory/217320-798841-0x0000000003330000-0x0000000003353000-memory.dmp
            Filesize

            140KB

            Download