Overview

overview

10

Static

static

10

Nikita.rar

windows7-x64

3

Nikita.rar

windows10-2004-x64

3

Nikita/Lua.Kb2.dll

windows7-x64

1

Nikita/Lua.Kb2.dll

windows10-2004-x64

1

Nikita/Nikita.exe

windows7-x64

7

Nikita/Nikita.exe

windows10-2004-x64

9

��%�J�w.pyc

windows7-x64

��%�J�w.pyc

windows10-2004-x64

Resubmissions

03/09/2024, 14:00

240903-rbdgrszdnh 10

02/09/2024, 16:29

240902-tzdhsatfnn 10

Analysis

  • max time kernel
    144s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    02/09/2024, 16:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Nikita.rar

  • Size

    6.7MB

  • MD5

    a63d54b86ba71e9725a3ba5c73894bb5

  • SHA1

    f38f45a84c967da3db55540ac9ca2e1f78f834bb

  • SHA256

    d7faca4503dbcf15254bf50daf808e675522d9bf2047799a0b8b72a51533ce0e

  • SHA512

    cf2811caeeb037e4c769628db816804c134ec1e02254aaf0de9018515a9d0cad79a902e4be7be43f00f42bea838d2a06f40e2f2aedd1557cf8886a80bb4083ed

  • SSDEEP

    196608:Jcg2ylA+VCoAHQyrTT0HSkYYjZ1Vq1/SIiDzN:ZDo13virnVq1aImzN

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Nikita.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nikita.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nikita.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Nikita.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2636

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2636-29-0x000000013F530000-0x000000013F628000-memory.dmp

          Filesize

          992KB

          Download

        • memory/2636-30-0x000007FEF79F0000-0x000007FEF7A24000-memory.dmp

          Filesize

          208KB

          Download

        • memory/2636-34-0x000007FEF7990000-0x000007FEF79A1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-37-0x000007FEF7180000-0x000007FEF719D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2636-36-0x000007FEF71A0000-0x000007FEF71B1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-35-0x000007FEF7540000-0x000007FEF7557000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2636-33-0x000007FEF79B0000-0x000007FEF79C7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2636-31-0x000007FEF6410000-0x000007FEF66C6000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/2636-32-0x000007FEF79D0000-0x000007FEF79E8000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2636-39-0x000007FEF7160000-0x000007FEF7171000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-44-0x000007FEF63C0000-0x000007FEF63D1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-49-0x000007FEF6310000-0x000007FEF6340000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2636-48-0x000007FEF6340000-0x000007FEF6358000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2636-47-0x000007FEF6360000-0x000007FEF6371000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-46-0x000007FEF6380000-0x000007FEF639B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2636-45-0x000007FEF63A0000-0x000007FEF63B1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-43-0x000007FEF6AA0000-0x000007FEF6AB1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-42-0x000007FEF7120000-0x000007FEF7138000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2636-41-0x000007FEF63E0000-0x000007FEF6401000-memory.dmp

          Filesize

          132KB

          Download

        • memory/2636-38-0x000007FEF6720000-0x000007FEF692B000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2636-40-0x000007FEF6AC0000-0x000007FEF6B01000-memory.dmp

          Filesize

          260KB

          Download

        • memory/2636-51-0x000007FEF51F0000-0x000007FEF5257000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2636-52-0x000007FEF5170000-0x000007FEF51EC000-memory.dmp

          Filesize

          496KB

          Download

        • memory/2636-53-0x000007FEF5150000-0x000007FEF5161000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-54-0x000007FEF50F0000-0x000007FEF5147000-memory.dmp

          Filesize

          348KB

          Download

        • memory/2636-59-0x000007FEF5020000-0x000007FEF5031000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2636-58-0x000007FEF5040000-0x000007FEF5063000-memory.dmp

          Filesize

          140KB

          Download

        • memory/2636-57-0x000007FEF5070000-0x000007FEF5088000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2636-56-0x000007FEF5090000-0x000007FEF50B4000-memory.dmp

          Filesize

          144KB

          Download

        • memory/2636-55-0x000007FEF50C0000-0x000007FEF50E8000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2636-50-0x000007FEF5260000-0x000007FEF6310000-memory.dmp

          Filesize

          16.7MB

          Download

        • memory/2636-60-0x000007FEF5000000-0x000007FEF5012000-memory.dmp

          Filesize

          72KB

          Download