Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/06/2024, 11:48

General

  • Target

    54e3722e65bff1800fa6d58f8bea7560_NeikiAnalytics.exe

  • Size

    427KB

  • MD5

    54e3722e65bff1800fa6d58f8bea7560

  • SHA1

    9c2ecad59f091f3ebc3a5e4105c5a40f7dce5b06

  • SHA256

    a69b8c96db4b68c72e103978877238ef9aacb368376c3543b7cf9cedc8e76fae

  • SHA512

    bdee93f53ffd97d86f2bce9219b3d3affa42c0f1e5e09be08abe35d6128971ee7066d61939f3b3e1e890a8bdb1a31b35d4a9fd72812e9cf9e6f8573ec5bdcc5d

  • SSDEEP

    6144:v2ja0W9vFWhZ4HYaWtsV6gNbncvlNFn9XGTWve/0OvCEv:v6a0W9vF2SLM0NAvlNFn8TWvecOvfv

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54e3722e65bff1800fa6d58f8bea7560_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\54e3722e65bff1800fa6d58f8bea7560_NeikiAnalytics.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\Sysceamxfzrp.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysceamxfzrp.exe"
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3012

Network


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Sysceamxfzrp.exe

          Filesize

          427KB

          MD5

          4b7769ca5e4b980f5a3875f41c92a8c4

          SHA1

          7a562cc5e154edf5beec64b50c983a74f75ae213

          SHA256

          75796cc86050750cf40c3bf633c96a87285585aad44f04107a1e64af3acdb54a

          SHA512

          907b6ca9142d608c90b6ac4d688047d6f032f5bbd5de3d01f56bc8e2fd86b5e50228dfa4061c4cde446d739aa2b452e35674b062f5af8cb70151143f771d9682

        • C:\Users\Admin\AppData\Local\Temp\cpath.ini

          Filesize

          85B

          MD5

          f3c13a8491eacec21cb6e4e08275fc79

          SHA1

          f15617afa3611aa196fef7a11542038c8ed1f3d0

          SHA256

          3c55c82473198408f935a198c41592eb96be93e37c60919f42cf12b80cb0d1ec

          SHA512

          c5d3db45e8cc13559af69105a24acad9517769873c54aeb35c91516bb58a3ed9582fb9eebc92400a022d0956627cd44e2829920e1cb2c08f30c1bc4988c9d434

        • memory/2176-0-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

        • memory/2176-17-0x0000000003FE0000-0x000000000404D000-memory.dmp

          Filesize

          436KB

        • memory/2176-18-0x0000000003FE0000-0x000000000404D000-memory.dmp

          Filesize

          436KB

        • memory/2176-22-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

        • memory/3012-19-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

        • memory/3012-23-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB