78e1ae349f22797681777965c3a5e1ab6ebecf50ede3e727332bb37eb5b8b070 | Triage

Submit
Reports

Overview

overview

Static

static

7

8452883f87...cs.exe

windows7-x64

8452883f87...cs.exe

windows10-2004-x64

Sharing

General

Target

8452883f87729c02b8178e223c28f320_NeikiAnalytics.exe
Size

91KB
Sample

240531-3gdv9shd8y
MD5

8452883f87729c02b8178e223c28f320
SHA1

a559cf5e9ad7ab5a773a5dcd9f10f2e010fbb2e4
SHA256

78e1ae349f22797681777965c3a5e1ab6ebecf50ede3e727332bb37eb5b8b070
SHA512

ca458432392e48aae57f66df01c18b05958e860ed0289fedfb2d6ffbbb5e136812f4c7b11fc713affd0b4518b5d598cc15b2d79c4f9e4f734ee7e333e70c9c0e
SSDEEP

1536:XJRtlEnBHHIgabuYotV/JbJCX5SBiGJRtlEnBHHIgabuYotV/JbJCX5SBiE:XvtYxOuYotvYQIGvtYxOuYotvYQIE

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8452883f87729c02b8178e223c28f320_NeikiAnalytics.exe

Resource

win7-20240215-en

evasion persistence upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

8452883f87729c02b8178e223c28f320_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

evasion persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  8452883f87729c02b8178e223c28f320_NeikiAnalytics.exe
- Size
  
  91KB
- MD5
  
  8452883f87729c02b8178e223c28f320
- SHA1
  
  a559cf5e9ad7ab5a773a5dcd9f10f2e010fbb2e4
- SHA256
  
  78e1ae349f22797681777965c3a5e1ab6ebecf50ede3e727332bb37eb5b8b070
- SHA512
  
  ca458432392e48aae57f66df01c18b05958e860ed0289fedfb2d6ffbbb5e136812f4c7b11fc713affd0b4518b5d598cc15b2d79c4f9e4f734ee7e333e70c9c0e
- SSDEEP
  
  1536:XJRtlEnBHHIgabuYotV/JbJCX5SBiGJRtlEnBHHIgabuYotV/JbJCX5SBiE:XvtYxOuYotvYQIGvtYxOuYotvYQIE
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy