933b5acb7c2ccb1ebdb4612e907a2627757844178d1077b7a0c404eac1051ae2 | Triage

Submit
Reports

Overview

overview

Static

static

7

3b74093552...cs.exe

windows7-x64

3b74093552...cs.exe

windows10-2004-x64

Sharing

General

Target

3b740935520147afea5b306d569097b0_NeikiAnalytics.exe
Size

34KB
Sample

240522-zxh85sgf3w
MD5

3b740935520147afea5b306d569097b0
SHA1

342a270999b4bd8424a2841edf8d6d7b53f862a8
SHA256

933b5acb7c2ccb1ebdb4612e907a2627757844178d1077b7a0c404eac1051ae2
SHA512

49e052880c28539e8357f10bc188e43fd818a9a5c24114e872696a53a7186785f1629201c1778ddd1324846844011db5a117c5af1f9d83ddbab05624c57bb0af
SSDEEP

768:UEzNbLcQ9qQuVriDMuyuruTD0qB77777J77c77c77c7nOTysMljy:l3h9qQA6hZunrB77777J77c77c77c7O7

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3b740935520147afea5b306d569097b0_NeikiAnalytics.exe

Resource

win7-20240508-en

persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

3b740935520147afea5b306d569097b0_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

evasion persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  3b740935520147afea5b306d569097b0_NeikiAnalytics.exe
- Size
  
  34KB
- MD5
  
  3b740935520147afea5b306d569097b0
- SHA1
  
  342a270999b4bd8424a2841edf8d6d7b53f862a8
- SHA256
  
  933b5acb7c2ccb1ebdb4612e907a2627757844178d1077b7a0c404eac1051ae2
- SHA512
  
  49e052880c28539e8357f10bc188e43fd818a9a5c24114e872696a53a7186785f1629201c1778ddd1324846844011db5a117c5af1f9d83ddbab05624c57bb0af
- SSDEEP
  
  768:UEzNbLcQ9qQuVriDMuyuruTD0qB77777J77c77c77c7nOTysMljy:l3h9qQA6hZunrB77777J77c77c77c7O7
Score

10^/10

persistence upx evasion
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy