3bd1894207b32ae8bd2e853eb40296d6361d62a954a681aeebc4c3008e1542dd | Triage

Submit
Reports

Overview

overview

Static

static

7

3bd1894207...cs.exe

windows7-x64

3bd1894207...cs.exe

windows10-2004-x64

Sharing

General

Target

3bd1894207b32ae8bd2e853eb40296d6361d62a954a681aeebc4c3008e1542dd_NeikiAnalytics.exe
Size

20KB
Sample

240701-g6fv9syana
MD5

952f45294c4120db8c99f29a126e2120
SHA1

102a0660220a2667b631905355d0c468dc829f89
SHA256

3bd1894207b32ae8bd2e853eb40296d6361d62a954a681aeebc4c3008e1542dd
SHA512

10b44f6157f2656dbaec79741ce6a6472f10979ea6c787a7102a2ad7d597bad0b9b0d2827d0c4fc8593288fc22a5e47a19a22b17760991c04d05bac398670c7f
SSDEEP

384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXf48Y:rRkiLw3HsDSARGG/w8Y

Score

10^/10

evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3bd1894207b32ae8bd2e853eb40296d6361d62a954a681aeebc4c3008e1542dd_NeikiAnalytics.exe

Resource

win7-20240419-en

evasion persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

3bd1894207b32ae8bd2e853eb40296d6361d62a954a681aeebc4c3008e1542dd_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

evasion persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  3bd1894207b32ae8bd2e853eb40296d6361d62a954a681aeebc4c3008e1542dd_NeikiAnalytics.exe
- Size
  
  20KB
- MD5
  
  952f45294c4120db8c99f29a126e2120
- SHA1
  
  102a0660220a2667b631905355d0c468dc829f89
- SHA256
  
  3bd1894207b32ae8bd2e853eb40296d6361d62a954a681aeebc4c3008e1542dd
- SHA512
  
  10b44f6157f2656dbaec79741ce6a6472f10979ea6c787a7102a2ad7d597bad0b9b0d2827d0c4fc8593288fc22a5e47a19a22b17760991c04d05bac398670c7f
- SSDEEP
  
  384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXf48Y:rRkiLw3HsDSARGG/w8Y
Score

10^/10

evasion persistence trojan upx
- Windows security bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops file in Drivers directory
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Active Setup

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Active Setup

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy