Overview

overview

10

Static

static

7

9f367f475b...cs.exe

windows7-x64

7

9f367f475b...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    89s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 05:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics.exe

  • Size

    72KB

  • MD5

    9f367f475bd6bed5bc886e6d578d5130

  • SHA1

    3dd5c8c54019b93368f19cce69d04a3e51910a01

  • SHA256

    fe97fe4468d5eefa6f5b3df6a6ec4d9d3949b1929a4855801b071f8e3f0519ee

  • SHA512

    1faccc1d663e1eadb8427099cbaeafd7fde29c9f730aa635a336a229f97446aaa4a9330a947786b16cf8f3f482b065c0052600b353b5ef7315a44b5fcd77a899

  • SSDEEP

    1536:DOa2kZ+qcAGVRIcUjmTeyovQe1RLP0sLJtoz9ZDu7GOXTm:DOYZTBORVUjtvR1L96BSXK

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2960
    • C:\Users\Admin\AppData\Local\Temp\9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics.exe"
      2⤵
        PID:143428
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\XUIUF.bat" "
          3⤵
            PID:110572
            • C:\Windows\SysWOW64\reg.exe
              REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v ".Flasfh" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe" /f
              4⤵
                PID:30732
            • C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe
              "C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe"
              3⤵
                PID:62820

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\XUIUF.bat
            Filesize

            145B

            MD5

            da0cbe87b720a79b294147ed6a4b98be

            SHA1

            ebf0dc9efd7a12cb192e355cda87546acb4ab360

            SHA256

            7ccfeff356fdccc9145bd1e263aa1c56360ca7b6552ed5a5665c596d02a627ed

            SHA512

            f55c4a3d24d2f11db5eda3c816d1cd3b8804a171a7bf715b13d60788247fbb352eafaa5bd4e0a8086c1013396be0a48c7bdb904ab0f974fa0c75e81e3d365acc

            Download Submit

          • \Users\Admin\AppData\Roaming\..Flash\Flaseher.exe
            Filesize

            72KB

            MD5

            aa4430fcbd818635b71870288f7901e7

            SHA1

            1324a602deba4ab8a22eadd882b4da88f48e84fd

            SHA256

            fda52020a5e1ab38d5937fd4f6b40b80e88ea1ed596f19be54636c7b8ee854aa

            SHA512

            56523fcc290a9c7ed37bb0fd6f5b6f2b5dd94e9b27980ce4d0423b63be0af0f1cb41ee9a81e6bd50319d646c0476025dc69e32d9330bddf2f577d3b524706d75

            Download Submit

          • memory/2960-445518-0x0000000002720000-0x0000000002742000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2960-21-0x0000000000320000-0x0000000000321000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2960-51-0x0000000000640000-0x0000000000641000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2960-41-0x00000000003F0000-0x00000000003F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2960-80-0x0000000000416000-0x0000000000417000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2960-95-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2960-360397-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2960-1-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2960-3-0x0000000000230000-0x0000000000231000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2960-445531-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2960-11-0x0000000000260000-0x0000000000261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2960-9-0x0000000000260000-0x0000000000261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/62820-445576-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/143428-445528-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/143428-445574-0x0000000002520000-0x0000000002542000-memory.dmp

            Filesize

            136KB

            Download

          • memory/143428-445558-0x0000000002520000-0x0000000002542000-memory.dmp

            Filesize

            136KB

            Download

          • memory/143428-445575-0x0000000002520000-0x0000000002542000-memory.dmp

            Filesize

            136KB

            Download

          • memory/143428-445573-0x0000000002520000-0x0000000002542000-memory.dmp

            Filesize

            136KB

            Download

          • memory/143428-445572-0x0000000002520000-0x0000000002542000-memory.dmp

            Filesize

            136KB

            Download