Overview

overview

7

Static

static

7

3ba03012aa...cs.exe

windows7-x64

7

3ba03012aa...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 22:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3ba03012aad84c0138f36d85e3308690_NeikiAnalytics.exe

  • Size

    134KB

  • MD5

    3ba03012aad84c0138f36d85e3308690

  • SHA1

    361ecce25056276a17f50175ed639e1aaf236425

  • SHA256

    092375545df3a83218fa8977645192687ef0cd95cef50b38ca46a765d146a83a

  • SHA512

    c1ec095dff68007447047d9f4d3f27077ca6c39af0f5ed947812ba410c4893b12cfb1f4af5736823589e69355b935948066f49812a394d28bf5c4590f6f1f809

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Q2:riAyLN9aa+9U2rW1ip6pr2At7NZuQ2

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ba03012aad84c0138f36d85e3308690_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3ba03012aad84c0138f36d85e3308690_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2316

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Update\WwanSvc.exe
          Filesize

          134KB

          MD5

          89c0be2cb65f2084d3fed15fb405bc4e

          SHA1

          844ab8007256e028b8716b3d2bf863178fa2b65c

          SHA256

          215fff978639cc79619ac153c5a6bf671a3dccd0ab836dd7ac76947c177d6de3

          SHA512

          d8a7ac048b44e1f61581eca1dc877fec56ed15cc3f5f45e1d8dd59ae2dea4ea58728ba1b5a6645c2012e59f7134b595b5e8272abbc4e97637c939ea256604538

          Download Submit

        • memory/2316-6-0x0000000000CC0000-0x0000000000CE8000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2316-9-0x0000000000CC0000-0x0000000000CE8000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2328-0-0x0000000000960000-0x0000000000988000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2328-7-0x0000000000960000-0x0000000000988000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2328-8-0x0000000000240000-0x0000000000268000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2328-10-0x0000000000960000-0x0000000000988000-memory.dmp

          Filesize

          160KB

          Download