Overview

overview

7

Static

static

7

97d5f728c4...cs.exe

windows7-x64

7

97d5f728c4...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97d5f728c49239899cd7fff3e22ff3d0_NeikiAnalytics.exe

  • Size

    2.4MB

  • MD5

    97d5f728c49239899cd7fff3e22ff3d0

  • SHA1

    61c413711962e0097a449b29d0740724cd7898f3

  • SHA256

    b4a64134c094b0cbbcf989310280682f3808fcff8ca5dd49c481afa11bb076a2

  • SHA512

    34e45769fc57ae97c407eaa70f64781247af65e290b651b35391884e65f4986137ae9aff5b7276d192d224f777cfb67f2c7f86cbc308da91b7d2975d25ac385e

  • SSDEEP

    24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+CY:cUN849wxy3UfhqYOlDMvz

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97d5f728c49239899cd7fff3e22ff3d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\97d5f728c49239899cd7fff3e22ff3d0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4200
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5743c0.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5743c0.exe 240600000
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5743c0.exe
    Filesize

    2.4MB

    MD5

    a682d2a917ea9f89369eabf0ad1da090

    SHA1

    a4454b72fe59f1b84bb69491cb12446e3dd5a57a

    SHA256

    f44f3720feaf62e763c35ed89222288a576d4cfd27d01563301f89310d91deda

    SHA512

    297db9d3702f2bb2967fb80822a3170b605f33440fafe15240bf4693f852ad55ea362ec4f9064c3da6b749d249202d10a6770fa85db04600f7c11862b0bc235c

    Download Submit

  • memory/4200-0-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/4200-10-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/4356-5-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/4356-6-0x000000007614A000-0x000000007614B000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4356-11-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download