Overview

overview

7

Static

static

7

7c452a2b55...cs.exe

windows7-x64

7

7c452a2b55...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 12:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7c452a2b555c27a9e93d79e5d7e07610_NeikiAnalytics.exe

  • Size

    134KB

  • MD5

    7c452a2b555c27a9e93d79e5d7e07610

  • SHA1

    0fb75fa292f557cfe18bd6d45c933042d5304088

  • SHA256

    742f0343155120e0842c0989a21dcda374209bf84c21dd51feaad82aaf9ea478

  • SHA512

    f95e56dad111d6e0a74f23240e564efe899d7c376d63c3700193b178a01b71071a2c7bc306dbc60c48ed20a2ba960c8d14714903e3dbc648e25d9b712ccd2d7f

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Qmo:riAyLN9aa+9U2rW1ip6pr2At7NZuQmo

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c452a2b555c27a9e93d79e5d7e07610_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7c452a2b555c27a9e93d79e5d7e07610_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2228

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \ProgramData\Update\WwanSvc.exe
          Filesize

          134KB

          MD5

          7a43d507b60d1d9dc3095b60fe020c44

          SHA1

          d834f2707eca8b3772f6db986ac7d9de7b3fadf7

          SHA256

          188822c27ce987e584eb30ab4389a9911c8e514fb94d9e3504472c9fa955b3c1

          SHA512

          944dd2a756a17658abc700f08a61f112b11515e7f9e54c4b8ccc12e3769abbbee8593607a6329cccca4455e3595aedf106d6448f5e3c61b523d5bf30d851369c

          Download Submit

        • memory/2228-6-0x0000000000DA0000-0x0000000000DC8000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2228-8-0x0000000000DA0000-0x0000000000DC8000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2248-1-0x00000000000F0000-0x0000000000118000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2248-7-0x0000000000120000-0x0000000000148000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2248-9-0x00000000000F0000-0x0000000000118000-memory.dmp

          Filesize

          160KB

          Download