Overview

overview

10

Static

static

7

f04f5b372d...cs.exe

windows7-x64

10

f04f5b372d...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f04f5b372dad9dac6090fa2fae57d510_NeikiAnalytics.exe

  • Size

    19KB

  • MD5

    f04f5b372dad9dac6090fa2fae57d510

  • SHA1

    188a5f7bf10cb0cc6a4900b9bf4b17ae9d17d30d

  • SHA256

    b3587acb9dbdee77810b11762330880ec54b93b9d4599f219cad87009c4735b6

  • SHA512

    fd1d438f0d296d168a19bc83e1d8ebd97b511dbca09b26e9e881bdc83b8be9df267a2605c613fa607f6f7b9b8206eebe4e46eccf0cf870efad7aba5cdfe815f1

  • SSDEEP

    384:ZKRHBDj1y6sX7d/ZctaQTKfV1T6CSB8Oye3QBYLOU:URHBfCX7PcAD6CC8Oye3QaSU

Score
10/10
upatredownloaderupx

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f04f5b372dad9dac6090fa2fae57d510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\f04f5b372dad9dac6090fa2fae57d510_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:1284

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    19KB

    MD5

    e41f5e0e8b74882a94d1d79331a6d0d6

    SHA1

    8d35714ca4c22e2790f52b000f3e8b68048795d4

    SHA256

    2432793729f7788bd0eda4f8bc9d89b4ce3ba8cad3e89f93d38db65e4fdbfbf0

    SHA512

    06baac9d627d3b2eb0e030d7aed9e1ff436de2e32dd6eaece75cb17850f8834dc88da1a990e3dc77f0a148fce655208015e4175f75f9fb9cda41a27190b1fbf8

    Download Submit

  • memory/1316-0-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1316-8-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download