Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/06/2024, 11:48

General

  • Target

    54e3722e65bff1800fa6d58f8bea7560_NeikiAnalytics.exe

  • Size

    427KB

  • MD5

    54e3722e65bff1800fa6d58f8bea7560

  • SHA1

    9c2ecad59f091f3ebc3a5e4105c5a40f7dce5b06

  • SHA256

    a69b8c96db4b68c72e103978877238ef9aacb368376c3543b7cf9cedc8e76fae

  • SHA512

    bdee93f53ffd97d86f2bce9219b3d3affa42c0f1e5e09be08abe35d6128971ee7066d61939f3b3e1e890a8bdb1a31b35d4a9fd72812e9cf9e6f8573ec5bdcc5d

  • SSDEEP

    6144:v2ja0W9vFWhZ4HYaWtsV6gNbncvlNFn9XGTWve/0OvCEv:v6a0W9vF2SLM0NAvlNFn8TWvecOvfv

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Reads the country/region code configured in the registry, likely a geofence check.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the UPX open-source packer or a modified UPX build.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54e3722e65bff1800fa6d58f8bea7560_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\54e3722e65bff1800fa6d58f8bea7560_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4268
    • C:\Users\Admin\AppData\Local\Temp\Sysceamgiqom.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysceamgiqom.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4068

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Sysceamgiqom.exe

          Filesize

          427KB

          MD5

          48bec37ebcd4a2178e5f12c6aa61acfd

          SHA1

          bd138e62c285b9eac1e81253240fc70049ed84e1

          SHA256

          cc98784d9bbc919ddd5b3fb9f60448cd3cb1efd8217a2b63e040cc3fe8a00f30

          SHA512

          8a4c6b09dbbd0415e47e78efc2f3e05f700bb700129af481a72b422cb79ddd1614bec64d05df999da8dce0306e50d3c1f08e5f50cf8dbb0cbff417c777d60186

        • C:\Users\Admin\AppData\Local\Temp\cpath.ini

          Filesize

          85B

          MD5

          f3c13a8491eacec21cb6e4e08275fc79

          SHA1

          f15617afa3611aa196fef7a11542038c8ed1f3d0

          SHA256

          3c55c82473198408f935a198c41592eb96be93e37c60919f42cf12b80cb0d1ec

          SHA512

          c5d3db45e8cc13559af69105a24acad9517769873c54aeb35c91516bb58a3ed9582fb9eebc92400a022d0956627cd44e2829920e1cb2c08f30c1bc4988c9d434

        • memory/4068-42-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

        • memory/4268-0-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

        • memory/4268-41-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB
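The following is an added example, not code from Triage or from the sample's author. It reproduces offline the three checks a triager would want to repeat from this report: the "UPX packed file" signature (UPX0/UPX1/UPX2 section names plus per-section entropy, since a modified UPX can rename sections), the MD5/SHA1/SHA256/SHA512 set listed per file, and the PID and address range encoded in dump names such as memory/4268-0-0x0000000000400000-0x000000000046D000-memory.dmp (0x6D000 bytes, the 436KB shown above). The PE bytes are constructed inline as a stand-in for the real sample, and the 7.0 bits/byte entropy threshold is an assumption, not Triage's rule.

```python
"""Added example (not Triage's own code): offline checks for the findings in
this report. Parses a PE section table to flag UPX-style section names and
high-entropy sections, computes the hash set the report lists, and decodes
a Triage memory-dump file name into its address range. The PE bytes are
constructed here as a stand-in for the real sample; nothing is executed."""
import hashlib
import math
import re
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
PACKED_ENTROPY = 7.0   # assumed threshold: compressed/encrypted data sits near 8.0

DUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`; 0.0 for empty or constant input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data: bytes):
    """Yield (name, virtual_size, raw_size, raw_offset) from the section table."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        yield name, vsize, rsize, rptr


def upx_indicators(data: bytes) -> dict:
    """UPX section names seen, per-section entropy, and a packed verdict."""
    upx, entropy = [], {}
    for name, _vsize, rsize, rptr in pe_sections(data):
        label = name.decode("latin-1")
        entropy[label] = shannon_entropy(data[rptr:rptr + rsize])
        if name in UPX_SECTION_NAMES:
            upx.append(label)
    packed = bool(upx) or any(e > PACKED_ENTROPY for e in entropy.values())
    return {"upx_sections": upx, "entropy": entropy, "likely_packed": packed}


def report_hashes(data: bytes) -> dict:
    """The MD5/SHA1/SHA256/SHA512 set the report lists per file."""
    return {a: hashlib.new(a, data).hexdigest()
            for a in ("md5", "sha1", "sha256", "sha512")}


def dump_region(dump_name: str) -> dict:
    """PID and address range encoded in a Triage memory-dump file name."""
    m = DUMP_RE.fullmatch(dump_name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {dump_name}")
    start, end = int(m.group(3), 16), int(m.group(4), 16)
    return {"pid": int(m.group(1)), "start": start, "end": end,
            "size": end - start, "size_kb": (end - start) // 1024}


def build_sample_pe() -> bytes:
    """Constructed PE32 stand-in for the UPX-packed sample (not the real file)."""
    e_lfanew, opt_size = 0x80, 0xE0
    upx1_data = bytes(range(256)) * 16           # every byte value 16x: entropy 8.0
    rsrc_data = b"\0" * 0x200                     # constant bytes: entropy 0.0
    table_end = e_lfanew + 24 + opt_size + 3 * 40
    raw_base = (table_end + 0x1FF) & ~0x1FF       # 512-byte file alignment
    layout = [                                    # name, vsize, rsize, rptr
        (b"UPX0", 0x40000, 0, 0),                 # empty on disk: unpack target
        (b"UPX1", 0x1000, len(upx1_data), raw_base),
        (b".rsrc", 0x200, len(rsrc_data), raw_base + len(upx1_data)),
    ]
    buf = bytearray(raw_base)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # COFF header: i386, 3 sections, no symbols, PE32 optional header, EXE flags
    struct.pack_into("<HHIIIHH", buf, e_lfanew + 4,
                     0x14C, len(layout), 0, 0, 0, opt_size, 0x102)
    struct.pack_into("<H", buf, e_lfanew + 24, 0x10B)   # PE32 magic
    table = e_lfanew + 24 + opt_size
    for i, (name, vsize, rsize, rptr) in enumerate(layout):
        off = table + i * 40
        buf[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", buf, off + 8, vsize, 0, rsize, rptr)
    return bytes(buf) + upx1_data + rsrc_data


if __name__ == "__main__":
    sample = build_sample_pe()
    print(upx_indicators(sample))
    print(report_hashes(sample)["sha256"])
    print(dump_region("memory/4268-0-0x0000000000400000-0x000000000046D000-memory.dmp"))
```

To check the real sample, pass the file bytes to upx_indicators and report_hashes and compare the digests with the MD5/SHA1/SHA256/SHA512 values above; a match on the dropped Sysceamgiqom.exe confirms you are looking at the same 427KB file the sandbox saw. The entropy check matters because UPX section names are trivial to rename, whereas a compressed UPX1-style section stays near 8 bits per byte.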