Overview

overview

10

Static

static

10

ce58f09c1f...cs.exe

windows7-x64

7

ce58f09c1f...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-05-2024 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce58f09c1fd2e3d53f16c579f0c7e950_NeikiAnalytics.exe

  • Size

    80KB

  • MD5

    ce58f09c1fd2e3d53f16c579f0c7e950

  • SHA1

    6daf6c675fbccacc4966ba52a6cc4257085f88e0

  • SHA256

    11b601c4a4c13b07fb1783dccee903c98da103a02ff1702b7cd9e9dd7ff4f874

  • SHA512

    208ba79e75d227dbedb836cf05284d76168bf0756def95ff7ca8ed42f186e582ab8e13e35c9710f24bd1448568c08e125db60990b9a6439cf30d9675fe65ea18

  • SSDEEP

    1536:nL1YLP2tFivwdGoB5PpSUF23ICquF7i0CmuJd4BXL:L1YbClGo/RhFooBbd45

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce58f09c1fd2e3d53f16c579f0c7e950_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ce58f09c1fd2e3d53f16c579f0c7e950_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Users\Admin\AppData\Local\Temp\ce58f09c1fd2e3d53f16c579f0c7e950_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\ce58f09c1fd2e3d53f16c579f0c7e950_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ce58f09c1fd2e3d53f16c579f0c7e950_NeikiAnalytics.exe
    Filesize

    80KB

    MD5

    502946d61d8e1544c7cd371097b50ba4

    SHA1

    f08391d2204a24b6b8f18f177e300990f44f6a3d

    SHA256

    afb3bc2a679362e7e7a2bd6f8047671cf24353c493762ef82e0817d9eb8534b4

    SHA512

    afcdb924b64d25e8938ac9daafd82761111bd02996bc3d5772abb8125922aaa043b2ab0df107352e20461a41878b174720268b065a94becbaa22d8813d39f33f

    Download Submit
  • memory/2296-13-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize

    232KB

    Download
  • memory/2296-14-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/2296-19-0x0000000000190000-0x000000000019E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2296-20-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2296-25-0x00000000014B0000-0x00000000014CB000-memory.dmp
    Filesize

    108KB

    Download
  • memory/2296-26-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize

    232KB

    Download
  • memory/2908-0-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize

    232KB

    Download
  • memory/2908-1-0x00000000000E0000-0x00000000000EE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2908-2-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/2908-12-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize

    108KB

    Download