Overview

overview

7

Static

static

7

19c8c2056d...cs.exe

windows7-x64

7

19c8c2056d...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2024, 03:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19c8c2056da358d7358215c012d22ad0_NeikiAnalytics.exe

  • Size

    134KB

  • MD5

    19c8c2056da358d7358215c012d22ad0

  • SHA1

    8dbcc5070b23a908f7f364f16f72716651dd0535

  • SHA256

    4df45c5be53f0f78ac26cbf377d47102577c6cb0e02dbbc387ace75684c1c526

  • SHA512

    b7d455dffaa0a1371aa5402c4b52eaadb9ffb36c64886b08e96f24d16f51f74f2092c7e56bb4f945cd3a51f97af5e30e66135b85c3ac321cdc0148be554fad9a

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Q6:riAyLN9aa+9U2rW1ip6pr2At7NZuQ6

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19c8c2056da358d7358215c012d22ad0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\19c8c2056da358d7358215c012d22ad0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\Update\WwanSvc.exe
    Filesize

    134KB

    MD5

    417ed5b66dcc3611a4edd10e16344170

    SHA1

    7d79ca30557fac56aad1f10c203d76bd41eac589

    SHA256

    e4be68513bb9d0a259acd770b2ff6636680b997e2c6342950acb684013ab3b3b

    SHA512

    9223036a989c41296dbd9ab6003cc5553a1dacafc516bf842a48973bfb9088af580d1af183f431c689ee336eeb033a781442a01d1637924aedae05a14ffce114

    Download Submit

  • memory/2036-6-0x00000000013E0000-0x0000000001408000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2220-0-0x0000000001020000-0x0000000001048000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2220-7-0x0000000001020000-0x0000000001048000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2220-8-0x0000000000080000-0x00000000000A8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2220-9-0x0000000001020000-0x0000000001048000-memory.dmp

    Filesize

    160KB

    Download