Overview

overview

10

Static

static

3

7773f5540b...cs.exe

windows7-x64

7

7773f5540b...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7773f5540b8a9de6a0177a0b93f5ee10_NeikiAnalytics.exe

  • Size

    15KB

  • MD5

    7773f5540b8a9de6a0177a0b93f5ee10

  • SHA1

    03d70b11f6cc84325837d5465eee3240bd1bf227

  • SHA256

    7606c6d04811e886949fe5292193b28a1b2e92bf3f02bbb7daa207f40afece88

  • SHA512

    2dd752cdf3c89734ec4a3f6bcd517c915dc07dd49bf23f55b126ce0bc800818aa715cd8333b56d25dce7c15a1740ba6cd901f868ef766a19bac205f6f2456bd6

  • SSDEEP

    384:D6beVjFjyrtvuo1071bkw7KTCfceK/bWFuDic4O:D6bOjypv0hk2UCUVCFu2VO

Score
10/10
evasionpersistenceupx

Malware Config

Signatures

  • Modifies security service 2 TTPs 2 IoCs
    evasion
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies WinLogon 2 TTPs 8 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7773f5540b8a9de6a0177a0b93f5ee10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7773f5540b8a9de6a0177a0b93f5ee10_NeikiAnalytics.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Modifies security service
      • Deletes itself
      • Loads dropped DLL
      PID:1208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\sysfldr.dll
    Filesize

    12KB

    MD5

    0dbc821851c9330eb9aadc94f6dc2b61

    SHA1

    c35084067259a4f6c19c579be61f05b3eb914371

    SHA256

    90fd732c310f490a676d5573b463c386399cff25c9bf959f10c05038c7795e22

    SHA512

    bad8f665315b310ba02a8eb9363b44061ee520c809550ae56f7b3c9c3a2ec44b6c338200f5c56e4c6d0f995c38e292535646a30ec4ceed366e96acd88410ca53

    Download Submit

  • memory/1208-5-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1208-3-0x0000000013140000-0x0000000013146000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1208-6-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1208-8-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1208-14-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3004-0-0x0000000013140000-0x0000000013146000-memory.dmp

    Filesize

    24KB

    Download