Overview

overview

7

Static

static

7

97d5f728c4...cs.exe

windows7-x64

7

97d5f728c4...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03/06/2024, 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97d5f728c49239899cd7fff3e22ff3d0_NeikiAnalytics.exe

  • Size

    2.4MB

  • MD5

    97d5f728c49239899cd7fff3e22ff3d0

  • SHA1

    61c413711962e0097a449b29d0740724cd7898f3

  • SHA256

    b4a64134c094b0cbbcf989310280682f3808fcff8ca5dd49c481afa11bb076a2

  • SHA512

    34e45769fc57ae97c407eaa70f64781247af65e290b651b35391884e65f4986137ae9aff5b7276d192d224f777cfb67f2c7f86cbc308da91b7d2975d25ac385e

  • SSDEEP

    24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+CY:cUN849wxy3UfhqYOlDMvz

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97d5f728c49239899cd7fff3e22ff3d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\97d5f728c49239899cd7fff3e22ff3d0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761bab.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761bab.exe 259398571
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761bab.exe
    Filesize

    2.4MB

    MD5

    db346338305e7761a727e9e660356ec8

    SHA1

    164f19d58ffe066cc8b8d54c8fe45fd1a49f7dd6

    SHA256

    ba9afa8a1d79d2ca074a026178ce0ae3cbcf3732b7bea450d149db27bb7338bf

    SHA512

    300d0b8a436a30adf7c51b633e85b2d5dd8f0856b8f2e8487d3680920695fc4407bdd07973b69481374a901b8a51dc37002a3e5042c32f8ef9182ff9baa1613d

    Download Submit

  • memory/1216-10-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1216-12-0x000000007705D000-0x000000007705E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1216-17-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1736-0-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1736-4-0x00000000027F0000-0x0000000002AB7000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1736-16-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download