Overview

overview

7

Static

static

7

26dbe9c614...cs.exe

windows7-x64

7

26dbe9c614...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 07:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    26dbe9c6142aef5e3bd89c5837ff3830_NeikiAnalytics.exe

  • Size

    2.0MB

  • MD5

    26dbe9c6142aef5e3bd89c5837ff3830

  • SHA1

    c95076630b21b77ba6e7360369e0df3b4f3333d0

  • SHA256

    fb16141ea139f6a09feb36cd3723598c875b112fafcfd82bdd2e5589c650458d

  • SHA512

    d41b73a3ba3a39fa5da78633224fee1b9af13c81015df845c763dcc64af24a9c015d189296dae3c5c8d9090bd38c5abfd57308305d52bca77604777847c455e2

  • SSDEEP

    49152:h3UR2w5aO12j3mVy88ukVy88uNVy88uDVy88uSVy88uzVy88uhVy88uJVy88uRVo:h36lE2Vy88ukVy88uNVy88uDVy88uSV2

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26dbe9c6142aef5e3bd89c5837ff3830_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\26dbe9c6142aef5e3bd89c5837ff3830_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4656

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\gcapi.dll
          Filesize

          31KB

          MD5

          9339bfe25011d5d5d09f6cfd9f6a36b9

          SHA1

          963bfac19298e16b5485ee2df5f04cdc8ca05a95

          SHA256

          633eb9ac10d46fbc300d5cb1777e9fbc0a5cd3b0a8da6e8b1bb6647a962a1e30

          SHA512

          aa172b03aae57e16bd55d6e893f54cb2fc60001e9c6be6c7c90d91ecdf0e9b20928ac82b84469780eb8cc5292e5a78d2413e14736950b33554c738bdce0c3d43

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\gtapi.dll
          Filesize

          38KB

          MD5

          368922dd93f7249504cce6c52476fd26

          SHA1

          cb81952e2d9327e92045a777b22cd37b838d1018

          SHA256

          d98c796b0d205b7537a864f696f7639ba301ce0330cb82a0b0234813a3d78fda

          SHA512

          33d812422981d09fd267f9a2b43bdf873110deff5633c74fd6ec9858db1a9638550bf8e0b3bd94c299a1c12e7fa2a0ae8a28b8e79ccae471a252268ac20a6a7c

          Download Submit

        • memory/4656-1-0x0000000000400000-0x00000000005FE000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4656-7-0x0000000074A40000-0x0000000074A58000-memory.dmp

          Filesize

          96KB

          Download

        • memory/4656-13-0x0000000074790000-0x00000000747A7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/4656-14-0x0000000000400000-0x00000000005FE000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4656-15-0x0000000074A40000-0x0000000074A58000-memory.dmp

          Filesize

          96KB

          Download

        • memory/4656-16-0x0000000074790000-0x00000000747A7000-memory.dmp

          Filesize

          92KB

          Download