Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/06/2024, 03:47

General

  • Target

    3478b150467c23f1d1a978d49fd85a10_NeikiAnalytics.exe

  • Size

    65KB

  • MD5

    3478b150467c23f1d1a978d49fd85a10

  • SHA1

    f89f2c2f37c08ba189c873d428e9076ab115a1a9

  • SHA256

    9ff9623055f8121b92655584fb9c51d4e017d974cd5adf92c0ba63288f08fe34

  • SHA512

    40142290aa573936ca1ce33b12f5f28564ceb64e7ee7f1bef1b727002bc311f683a823040bb744096b9df0d8dd4d731d95fd01e2fab97887d5b0b8d1c8211f69

  • SSDEEP

    1536:NLI4qg9+Q/KMJqSsGpdNmLUIsWsdM5T233AFCz:Bb/jq0LNmLUIsWsdM5T233AFCz

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3478b150467c23f1d1a978d49fd85a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3478b150467c23f1d1a978d49fd85a10_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\3478B1~1.EXE > nul
      2⤵
        PID:4584
    • C:\Windows\Debug\kbjhost.exe
      C:\Windows\Debug\kbjhost.exe
      1⤵
      • Executes dropped EXE
      PID:3236

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Windows\debug\kbjhost.exe

      Filesize

      65KB

      MD5

      cb96305810ca69f1d26859ef9872aea2

      SHA1

      3cba4bc8b00debceed88f4445ca29ec3cb04c92e

      SHA256

      37483055473428f35112192a5a8c2f44dec2c77c2ac26190deeb811be77257f2

      SHA512

      461fcb549ba813e4b943cbd2814d98d3ec6bc013cfbbb2d5fa82834315d1aed8fa96f357755b6564762018d80023842c718af1b60b9c5397556c10027d32c338

    • memory/3236-15-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-11-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-12-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-14-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-16-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-17-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-19-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-21-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-23-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/3236-25-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/5064-3-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

    • memory/5064-0-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB