Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 14:17

General

  • Target

    080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe

  • Size

    2.2MB

  • MD5

    080d1485cfbd03b271340e725881da60

  • SHA1

    2806467db3e45e071dd66ef2bf9f1307cd349399

  • SHA256

    4f780492c9a8a825f7c259aae31d0a9f00b435d7f87e297390c8386c63f32769

  • SHA512

    34c57614e5255355fae7bf73e71a2c6266c2b2d6fbd02c7d4fabe61b7af2e2054b8d4b799aa42917d21ba0eb39dc77b1e324b91f82c42f21925432aa62b90ae9

  • SSDEEP

    24576:n2dJqwaZs9a8fbKmIwlDSIerahovRCVCWWO0BubzQ0Rj3jtK+a++K+jNd1RzVCEL:n7n7pNXheQc3Fg7g3vYXg

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it (section names and the "UPX!" marker are the usual tells; a modified build may strip some of them, so this is a heuristic, not proof of packing).

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
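The "UPX packed file" signature above is heuristic: stock UPX is obvious from its section names, while a "modified UPX" build that renames sections is only caught by other traces. As an added example, not the sandbox's own detection logic and not code taken from the sample, the following Python parses the PE section table by hand and combines three independent indicators. The PE images it checks are constructed inline for the demonstration and are not the files in this report.

```python
"""Heuristic UPX-packing check over raw PE bytes (added example; not the
sandbox's own signature logic). Standard library only; the PE images used
as input are constructed below, not taken from the report."""
import struct
from typing import Dict, List

SECTION_FMT = "<8sIIIIIIHHI"                  # IMAGE_SECTION_HEADER layout
SECTION_SIZE = struct.calcsize(SECTION_FMT)   # 40 bytes
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def parse_sections(data: bytes) -> List[dict]:
    """Walk MZ -> e_lfanew -> COFF header -> section table; one dict per section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_SIZE
        if off + SECTION_SIZE > len(data):
            raise ValueError("section table truncated")
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = \
            struct.unpack_from(SECTION_FMT, data, off)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rawsize,
                         "raw_ptr": rawptr, "characteristics": chars})
    return sections


def upx_indicators(data: bytes) -> Dict[str, bool]:
    """Three independent signs of UPX; a modified build may remove any one."""
    sections = parse_sections(data)
    names = {s["name"] for s in sections}
    first = sections[0] if sections else None
    return {
        # stock UPX keeps its section names (UPX0 / UPX1 / ...)
        "upx_section_names": bool(names & UPX_SECTION_NAMES),
        # UPX's l_info header carries the magic "UPX!"; it survives a plain rename
        "upx_magic": b"UPX!" in data,
        # first section is the unpacking area: nothing on disk, large in memory
        "hollow_first_section": first is not None
            and first["raw_size"] == 0 and first["virtual_size"] > 0,
    }


def looks_upx_packed(data: bytes) -> bool:
    """Require two indicators so a stray "UPX!" string alone does not fire."""
    return sum(upx_indicators(data).values()) >= 2


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (headers only) for exercising the parser.
    `sections` is a list of (name, size_of_raw_data, virtual_size)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew: right after DOS header
    size_opt = 0xE0                                # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(size_opt - 2)   # Magic = PE32, rest zero
    table = b""
    raw_ptr, vaddr = 0x400, 0x1000
    for name, raw_size, virtual_size in sections:
        table += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), virtual_size, vaddr,
                             raw_size, raw_ptr, 0, 0, 0, 0, 0xE0000040)
        raw_ptr += raw_size
        vaddr += (virtual_size + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + opt + table + trailer


# Constructed samples: stock UPX layout, a clean layout, and a "modified UPX"
# build that renamed its sections but kept the l_info magic.
STOCK_UPX = build_pe([(b"UPX0", 0, 0x10000), (b"UPX1", 0x3000, 0x3000),
                      (b".rsrc", 0x200, 0x200)], trailer=b"UPX!" + bytes(28))
CLEAN = build_pe([(b".text", 0x1000, 0x1000), (b".data", 0x200, 0x200)])
RENAMED_UPX = build_pe([(b".code", 0, 0x10000), (b".data", 0x3000, 0x3000)],
                       trailer=b"UPX!" + bytes(28))

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("clean", CLEAN), ("renamed", RENAMED_UPX)):
        print(label, looks_upx_packed(img), upx_indicators(img))
```

Run against a real dropped file, `looks_upx_packed(open(path, "rb").read())` gives the same verdict the sandbox rule would for stock and lightly modified UPX; a build that strips both the section names and the "UPX!" magic still shows the hollow first section, which is why that indicator is kept separate rather than folded into the others.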

Processes

  • C:\Users\Admin\AppData\Local\Temp\080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\080d1485cfbd03b271340e725881da60_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Users\Admin\AppData\Local\Temp\WG8D80.tmp
      C:\Users\Admin\AppData\Local\Temp\WG8D80.tmp
      2⤵
      • Executes dropped EXE
      PID:2528

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\Favorites\外挂作坊官方站 [www.zuowg.com].url (GBK-encoded filename, shown in the original report as the mojibake "Íâ¹Ò×÷·»¹Ù·½Õ¾"; the name translates roughly to "cheat workshop official site")

          Filesize

          110B

          MD5

          7c8c531ff6a158742da186b1fad6e00e

          SHA1

          98d4551e0d6ac034838a17437640f3335edfaa86

          SHA256

          00ddbc71282fdbf74b8a02cc75b2c3d66529fe7664c148cc0ca79576a883c501

          SHA512

          1788173da6e9cf7e5421c02854ca9122d0825927f33fc64bafb76377ee80c0e1a8112c36ee40b1cbce86e121f864777e8ddf9aecd282f3cc82b70e12cc904805

        • \Users\Admin\AppData\Local\Temp\WG8D80.tmp

          Filesize

          15KB

          MD5

          e6b75a3573c1825d9827bf8720369010

          SHA1

          1fb308d81358ca8db5e6f7609b9caf697477b415

          SHA256

          8f55a211f420fcdae8ca894407f72e423997d054dbdab14c54568570a30daa03

          SHA512

          4713e374786be79088b276b322b2aa2e747bb1adc4fe7de6612a433c64a917b63d9cdd0de3cdcc786e2b7b11da421b6f73e60b9db7ceaba4cfe5d0d11528608c

        • memory/1284-29-0x0000000002AE0000-0x0000000002B03000-memory.dmp

          Filesize

          140KB

        • memory/1284-34-0x0000000002AE0000-0x0000000002B03000-memory.dmp

          Filesize

          140KB

        • memory/2528-36-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

        • memory/2528-38-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB