Overview

overview

8

Static

static

7

2f9b06bbc5...cs.exe

windows7-x64

8

2f9b06bbc5...cs.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-05-2024 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f9b06bbc5a9f1cb1e9909667fcdbe40_NeikiAnalytics.exe

  • Size

    44KB

  • MD5

    2f9b06bbc5a9f1cb1e9909667fcdbe40

  • SHA1

    b965a54161a8a9538ec230b26b5c5265f83d20d3

  • SHA256

    232887d778a1ac73fb8ec2ad2be8012dff2ad4ae06c27aa60dc00e4425dca02e

  • SHA512

    5de5047e17f343b2b2785b87c8db6a598c42c2809a58d6599228d7d2c70460466cbe8d7399ab882309389a6b947a5de774a1132a71a51f28e48f253854e88d48

  • SSDEEP

    384:CxL+q5r+PpHfXhUkKvI4QwjQ/vFJhheJ06oZrj/vBKDJZC/:ua4r+PpHfXGLOnNh8noR+Q/

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 60 IoCs
  • Manipulates Digital Signatures 2 IoCs

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 7 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops desktop.ini file(s) 44 IoCs
  • Drops autorun.inf file 1 TTPs 25 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f9b06bbc5a9f1cb1e9909667fcdbe40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2f9b06bbc5a9f1cb1e9909667fcdbe40_NeikiAnalytics.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\SysWOW64\drivers\winlogon.exe
      "C:\Windows\System32\drivers\winlogon.exe"
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops autorun.inf file
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Windows\AE 0124 BE.exe
        "C:\Windows\AE 0124 BE.exe"
        3⤵
        • Drops file in Drivers directory
        • Manipulates Digital Signatures
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops desktop.ini file(s)
        • Drops autorun.inf file
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2616
        • C:\Windows\SysWOW64\drivers\winlogon.exe
          "C:\Windows\System32\drivers\winlogon.exe"
          4⤵
          • Drops file in Drivers directory
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:2528
      • C:\Windows\SysWOW64\drivers\winlogon.exe
        "C:\Windows\System32\drivers\winlogon.exe"
        3⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        PID:2404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Msvbvm60.dll
    Filesize

    1.3MB

    MD5

    5343a19c618bc515ceb1695586c6c137

    SHA1

    4dedae8cbde066f31c8e6b52c0baa3f8b1117742

    SHA256

    2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce

    SHA512

    708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

    Download Submit

  • \??\c:\B1uv3nth3x1.diz
    Filesize

    21B

    MD5

    9cceaa243c5d161e1ce41c7dad1903dd

    SHA1

    e3da72675df53fffa781d4377d1d62116eafb35b

    SHA256

    814649b436ea43dd2abb99693e06019d4079ee74d02a0395913add0ba92d0189

    SHA512

    af9b75dc9a0b39d12d48bf6d40eb7d778eb9dd976302792271d8d4245a916027cf4e705d6cd7a5e6582ba94953346f291122f27d377b2c1a86e45f49e92efb5b

    Download Submit

  • \Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    48KB

    MD5

    44667ca37dd2bf9ad875fc2208e86a42

    SHA1

    027ac522c851198ef800f4f5e66b75b8cb48b183

    SHA256

    f965093187c05297e885d845054b7d275c72d1fc707208deb43151ef4b1b73d2

    SHA512

    3b9e300664b95280650c79f6753a70163b0485c8f63f60759bc58b83d2fda3b053eae560f9889ff0d819357046e8b9658c7299fe1a8106df0873001abffa70c9

    Download Submit

  • memory/2072-8-0x00000000028B0000-0x000000000336A000-memory.dmp

    Filesize

    10.7MB

    Download

  • memory/2072-23-0x0000000003EC0000-0x0000000003ECB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2072-22-0x0000000003EC0000-0x0000000003ECB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2072-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2072-58-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2404-72-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2528-57-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2616-87-0x0000000072940000-0x0000000072A93000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2616-91-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2616-53-0x0000000003ED0000-0x0000000003EDB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2616-52-0x0000000003ED0000-0x0000000003EDB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2616-361-0x0000000072940000-0x0000000072A93000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2616-92-0x0000000003ED0000-0x0000000003EDB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2616-93-0x0000000003ED0000-0x0000000003EDB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2616-46-0x00000000028A0000-0x000000000335A000-memory.dmp

    Filesize

    10.7MB

    Download

  • memory/2632-88-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2632-89-0x0000000000750000-0x000000000075B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2632-90-0x0000000000750000-0x000000000075B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2632-40-0x0000000000750000-0x000000000075B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2632-39-0x0000000000750000-0x000000000075B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2632-68-0x0000000003BA0000-0x0000000003BAB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2632-42-0x0000000002A10000-0x00000000034CA000-memory.dmp

    Filesize

    10.7MB

    Download