upatre | 034d82fa8a21906c8c21711eeab4dcfa77206ec5a8e1a181e5cf273fed0082f3

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 01:05

Target

451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe
Size

4KB
MD5

451b6e6869ee29dc55e128a2e2a9fd80
SHA1

c9a39942ffbe59840908477a2770e717bee6275c
SHA256

034d82fa8a21906c8c21711eeab4dcfa77206ec5a8e1a181e5cf273fed0082f3
SHA512

26ef8306e2d600c6b7a6a0f18dc8ac6ff15c27a75d53c47b7738faa27ab3b2998614e834344b13af0d6afaf94fd2b36bcac8050ad425ba046c96c65bc548e5c7
SSDEEP

48:Zdni+Wyi18DN0nCvTaE6nc9fhXcGEY3sJd9ga91RsOIg2nA7B8mOo4jUx7OtKGc:Z0v4mUWKh9ctgC1RVITnKymV44Sh

Score

10^/10

Upatre
Upatre is a generic malware downloader.
downloader upatre
Deletes itself 1 IoCs

Processes:

szgfw.exe

pid process

2132 szgfw.exe
Executes dropped EXE 1 IoCs

Processes:

szgfw.exe

pid process

2132 szgfw.exe
Loads dropped DLL 2 IoCs

Processes:

451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe

pid process

1668 451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe
1668 451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2132	szgfw.exe

pid	process
2132	szgfw.exe

pid	process
1668	451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe
1668	451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe

description	pid	process	target process
PID 1668 wrote to memory of 2132	1668	451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe	szgfw.exe
PID 1668 wrote to memory of 2132	1668	451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe	szgfw.exe
PID 1668 wrote to memory of 2132	1668	451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe	szgfw.exe
PID 1668 wrote to memory of 2132	1668	451b6e6869ee29dc55e128a2e2a9fd80_NeikiAnalytics.exe	szgfw.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

\Users\Admin\AppData\Local\Temp\szgfw.exe
Filesize
4KB

MD5
f43c5de5c1a76c5d37fcfad659e16e00

SHA1
8ddb5a3d9aae2cab5261cb535823f95fa361ef91

SHA256
abaae344fabb9a59cab8569531e814a58cba81d2758f9c823be611f725424d66

SHA512
52374efae06e6fc1a2f0b0330fb1205c8ada8365bf1adca2e47c8910d5540914780ea3cc99d1a62baf0aad4448cd584a3f246501f54f7a84f83228e22f1916bd

Download Submit