Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 21:04

General

  • Target

    4404b14db0ab55e62a9a992ec2e4c340_NeikiAnalytics.exe

  • Size

    695KB

  • MD5

    4404b14db0ab55e62a9a992ec2e4c340

  • SHA1

    04a265d95aa9e69f926552c62d2983b18825439e

  • SHA256

    1a0772f27d7bcd6ecd30562b4646a2d3c4820e843b9e36e67c51744a0928e7a8

  • SHA512

    31dbb31a86c20dc6263999a82247e8310defd7e7780bdc1be62ccfe9d6eb1f8d3c660d54571339dbcc7478cebb8bbd7d6c539c9ab6c9f63b013fd11b3a814e5f

  • SSDEEP

    12288:7tKe6Zv23YLVFhBsC8iFHSs7xPY1f6HriPwU8yMKhCaOpJEdOdUY7pW:v6Zv2ivhBVnFys7xP86LkJMlnEdOdUYA

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 6 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4404b14db0ab55e62a9a992ec2e4c340_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4404b14db0ab55e62a9a992ec2e4c340_NeikiAnalytics.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:3408
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 708
      2⤵
      • Program crash
      PID:4744
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4272,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=4424 /prefetch:8
    1⤵
    PID:3928
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3408 -ip 3408
    1⤵
    PID:4000

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize

    699KB

    MD5

    4c8eea61f7d07abc42b962d82acfe82a

    SHA1

    140460656735171710519a7ba08f2836d8e68757

    SHA256

    2b4eec03761c72328e409f1f62448705cd9f5cba068b5ff0d91e833b006d5a42

    SHA512

    9a0d42f781544f2b103c3ed9bccceb0aaca6ded8ab253f4b0598a69b7170865737ad7bea0004e325c72bd93f728630d0e28115190b886c6e8a940012f3b27ce2

  • memory/3408-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/3408-7-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB