Overview

overview

8

Static

static

7

055e08942c...cs.exe

windows7-x64

8

055e08942c...cs.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 15:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    055e08942c7ba1855f5e6f20effada39109b087aaf5a69b6b8952f99568ba765_NeikiAnalytics.exe

  • Size

    798KB

  • MD5

    18f0e38c7c5457038be60e3ad55c4ad0

  • SHA1

    d15fcaffad78a51af51c4a7646cb0fe997f77c28

  • SHA256

    055e08942c7ba1855f5e6f20effada39109b087aaf5a69b6b8952f99568ba765

  • SHA512

    08ce7c93e8f864eaed67036fef418cdcd765c081cfcb3c24704e773026444da90d1b685e82c6a7b928a8ac569db974c7b9e6a836f5556ca89f1a45a9d76838d7

  • SSDEEP

    12288:7tKe6Zv23YLVFhBsC8iFHSs7xPY1f6HrSUsP6AVjANDRqWWWsbzCeOEbli7Vf:v6Zv2ivhBVnFys7xP86LXtqWJ/erG

Score
8/10
persistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\055e08942c7ba1855f5e6f20effada39109b087aaf5a69b6b8952f99568ba765_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\055e08942c7ba1855f5e6f20effada39109b087aaf5a69b6b8952f99568ba765_NeikiAnalytics.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies registry class
      PID:3036

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\concp32.exe
          Filesize

          807KB

          MD5

          3c1a2ee9b0cd79317281e00504684fb8

          SHA1

          491f3b5337da6d7f7c77d2fffca0aa53113688de

          SHA256

          74a9669aff410d53c49660cfdeace6c364218e45160f6ac1fddd5396d0758238

          SHA512

          76c4d85b6d64d7ce7c427889de04fb59102a7b9c4e5af57dd259bb44d0df9164efae83ecf2aa7ff84fd691a1e24c266b54832644436a35f30bbb8462697958a2

          Download Submit

        • C:\Windows\svchost.exe
          Filesize

          800KB

          MD5

          219ecd9a3d6064c0ea91d062076f0800

          SHA1

          fe319a38bfc1c726e8f299031a3b7d239ce42190

          SHA256

          042551795b58e703ef4e5242dde2466088adb445a5e8066009d6f12f77813fc0

          SHA512

          6fb7780bf90317814a458b83c04a6a22101abf6e69b186158db9eab59279b7442b976b3595c58c764d51f265a29398f54ec7e0709ec97b3eca09b9b4d35bc63f

          Download Submit

        • memory/2848-0-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download

        • memory/2848-13-0x0000000000220000-0x0000000000259000-memory.dmp

          Filesize

          228KB

          Download

        • memory/2848-15-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download

        • memory/2848-14-0x0000000000220000-0x0000000000259000-memory.dmp

          Filesize

          228KB

          Download

        • memory/3036-17-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download

        • memory/3036-18-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download