4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

4a70ec12e6...cs.dll

windows7-x64

8

4a70ec12e6...cs.dll

windows10-2004-x64

7

Sharing

General

Target

4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725_NeikiAnalytics.exe
Size

1.7MB
Sample

240629-cecx3s1gmm
MD5

d134cfffeecfb01037177ccec5e5f0b0
SHA1

07aed9d5740d6ea54e820943426d86ef3a5f6a6d
SHA256

4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725
SHA512

7d113ac14735d0457f2888f8ac0302226ce941c4aed3ec951a4238749a614540208f0d614fdcfdbe07e77977d91b0fbaaeaa33dfb6c89aea2a972d7844ebdc97
SSDEEP

49152:Y05f3Q60NQ2ByAzvdYPxus6cF47Vkj7URLHkJigQU/CIabjKoh9WINX:FQ6+Q2ByAzvdYPAxeQDbrFIabjKoh9Wa

Score

8^/10

adware persistence privilege_escalation stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725_NeikiAnalytics.dll

Resource

win7-20240508-en

adware persistence privilege_escalation stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725_NeikiAnalytics.dll

Resource

win10v2004-20240611-en

adware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725_NeikiAnalytics.exe
- Size
  
  1.7MB
- MD5
  
  d134cfffeecfb01037177ccec5e5f0b0
- SHA1
  
  07aed9d5740d6ea54e820943426d86ef3a5f6a6d
- SHA256
  
  4a70ec12e64d1c30d07862ae2293955bfe5ea4b3a1e137e3d8c94a0f10901725
- SHA512
  
  7d113ac14735d0457f2888f8ac0302226ce941c4aed3ec951a4238749a614540208f0d614fdcfdbe07e77977d91b0fbaaeaa33dfb6c89aea2a972d7844ebdc97
- SSDEEP
  
  49152:Y05f3Q60NQ2ByAzvdYPxus6cF47Vkj7URLHkJigQU/CIabjKoh9WINX:FQ6+Q2ByAzvdYPAxeQDbrFIabjKoh9Wa
Score

8^/10

adware persistence privilege_escalation stealer upx
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Browser Extensions

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarepersistenceprivilege_escalationstealerupx

behavioral2

adwarestealerupx

© 2018-2024

Terms | Privacy