Overview

overview

10

Static

static

7

3b74093552...cs.exe

windows7-x64

10

3b74093552...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 21:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b740935520147afea5b306d569097b0_NeikiAnalytics.exe

  • Size

    34KB

  • MD5

    3b740935520147afea5b306d569097b0

  • SHA1

    342a270999b4bd8424a2841edf8d6d7b53f862a8

  • SHA256

    933b5acb7c2ccb1ebdb4612e907a2627757844178d1077b7a0c404eac1051ae2

  • SHA512

    49e052880c28539e8357f10bc188e43fd818a9a5c24114e872696a53a7186785f1629201c1778ddd1324846844011db5a117c5af1f9d83ddbab05624c57bb0af

  • SSDEEP

    768:UEzNbLcQ9qQuVriDMuyuruTD0qB77777J77c77c77c7nOTysMljy:l3h9qQA6hZunrB77777J77c77c77c7O7

Score
10/10
evasionpersistenceupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 3 IoCs
    persistence
  • Disables RegEdit via registry modification 2 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
    persistence
  • Executes dropped EXE 2 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • UPX packed file 34 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops file in System32 directory 12 IoCs
  • Drops file in Windows directory 20 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b740935520147afea5b306d569097b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3b740935520147afea5b306d569097b0_NeikiAnalytics.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Modifies Installed Components in the registry
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4664
    • C:\Users\Admin\Templates\adtools.{D20EA4E1-3957-11d2-A40B-0C5020524153}\÷ùù§øÕùùø„•.exe
      C:\Users\Admin\Templates\adtools.{D20EA4E1-3957-11d2-A40B-0C5020524153}\÷ùù§øÕùùø„•.exe
      2⤵
      • Modifies WinLogon for persistence
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4724
    • C:\Users\Admin\Templates\adtools.{D20EA4E1-3957-11d2-A40B-0C5020524153}\üþþ¬ýÚþþý.exe
      C:\Users\Admin\Templates\adtools.{D20EA4E1-3957-11d2-A40B-0C5020524153}\üþþ¬ýÚþþý.exe
      2⤵
      • Modifies WinLogon for persistence
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\adtools.{D20EA4E1-3957-11d2-A40B-0C5020524153}\÷ùù§øÕùùø„•.exe
    Filesize

    44KB

    MD5

    62d90fad015832eed4bf19d1b28e28d9

    SHA1

    e47a78cdc8ee374563e033c0c21af9c4c0be385e

    SHA256

    6968793399f62703e502a6d2a0dc57b85bac4280ca21ed59dfe932e140072be0

    SHA512

    d4a01852f6d2ce3083af467a5659a34246fef1c3a9d0c43c7f419e6dc7dd815331c0b545a63ad6ea51225e98c6975f31bafed5eecc2ff1f54641889f6a3bda27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\adtools.{D20EA4E1-3957-11d2-A40B-0C5020524153}\üþþ¬ýÚþþý.exe
    Filesize

    33KB

    MD5

    38ce6ef96a69e07109075e19d5f18376

    SHA1

    4a13167ea57ebbaa72d432b450b0889e04d36c66

    SHA256

    48deeba6e9464df02d9c3e992d9a6d38bec25194083eca67f10f4cd5aeef197f

    SHA512

    8f305205d7d5e94ab3fbe828c9993c1bbefe1f4d3d2daa33132eecdff420b456811821b6c59e0103c921e2fd9836d40360bf1240d14e5d576b00f8cca9d05f93

    Download Submit

  • memory/3980-42-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-28-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-38-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-50-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-23-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-48-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-25-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-46-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-44-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-16-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-36-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-30-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-32-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-40-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3980-34-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4664-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4664-21-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-33-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-37-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-35-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-39-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-31-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-41-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-29-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-43-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-27-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-45-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-26-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-47-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-24-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-49-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4724-22-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download