Overview

overview

10

Static

static

3

3a5f0362b7...cs.exe

windows7-x64

10

3a5f0362b7...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a5f0362b77cc6bdfb0870a47d073b70_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    3a5f0362b77cc6bdfb0870a47d073b70

  • SHA1

    843fc02b4c0a934747517e8bf931e0050ccae548

  • SHA256

    c36df1409e755916514e12e921a23465f2d8e75fe8d72477ea2a12d2818ec3fe

  • SHA512

    0bbf627056a3d8f5f0eeb6fdcf51fa0f5e046dd029d7d956e882a4a5da46f8db5b1342a97890b918d81eb69159f8919f248b56b198d57c8d16b510014595a664

  • SSDEEP

    1536:5Y9jw/dUT62rGdiUOWWrMffJ+AxM+I+ceWgP/KmVQz:5Y9CUT62/UOVMffJ+AW+I+cX

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a5f0362b77cc6bdfb0870a47d073b70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3a5f0362b77cc6bdfb0870a47d073b70_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:3480

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    69KB

    MD5

    4b1ffef1800e6f29e087a927c54b6d72

    SHA1

    834b3d714f9cdc615baccb5d0e197caa5ac06273

    SHA256

    2800deba67b7fc8634b5844e82af16435a3e5c6670427ce31f14bb55d1010b0c

    SHA512

    45a57b37c5bad86ceba79971393bba222e72821d15dc64fe236ce350372c63c311189a15b01af9fd0a0f89c2719872da2ff107f46debd1c33d3462d3be358b74

    Download Submit
  • memory/1652-1-0x0000000000570000-0x0000000000571000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1652-8-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize

    76KB

    Download
  • memory/3480-10-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize

    76KB

    Download