32f37f1164a0f1526427cfea6f624ea258ae5727763faaad65d3123558910f91

Analysis

max time kernel
125s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7d1da043f71de8d035331ae6bed38200_NeikiAnalytics.exe
Size

3.7MB
MD5

7d1da043f71de8d035331ae6bed38200
SHA1

ed355675b7020a78c8ef35dab5f33baae9e3ca10
SHA256

32f37f1164a0f1526427cfea6f624ea258ae5727763faaad65d3123558910f91
SHA512

a986e6559038c1b71e04eb0e846d6d91f5a714cf613f00fd6be54cc3287921a8afda556434da2eecd0f96a771db070cd121f8520b28731a11f83d65fe5af8175
SSDEEP

98304:y3rWjizNfd71aofFsZJzHBKCVKpah3+R1icFW9w1/eNJ4CZ:yWji9iTBKpT1icFb/egCZ

Score

8^/10

persistence vmprotect

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
3092	teoghah.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/2744-0-0x0000000000400000-0x0000000000994000-memory.dmp	vmprotect
behavioral2/files/0x000b0000000232f9-5.dat	vmprotect
behavioral2/memory/3092-9-0x0000000000400000-0x0000000000994000-memory.dmp	vmprotect

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\teoghah.exe	7d1da043f71de8d035331ae6bed38200_NeikiAnalytics.exe
File created	C:\PROGRA~3\Mozilla\nvzdrxb.dll	teoghah.exe

C:\Users\Admin\AppData\Local\Temp\7d1da043f71de8d035331ae6bed38200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d1da043f71de8d035331ae6bed38200_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3452,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:8
1⤵
PID:1748

C:\PROGRA~3\Mozilla\teoghah.exe
C:\PROGRA~3\Mozilla\teoghah.exe -cjiekkn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\teoghah.exe

Filesize
3.7MB

MD5
7d6bbe7f9c02544eff14c75ce477ba76

SHA1
4b52af865759fcdba17011497b561450c429316e

SHA256
33942cba4d29c3b4f35be252abdd0de88c1ecaa66d17366d0bc5be9a8f723bcb

SHA512
24db611c0ec09933666cedd67cd21cbbf152380805cc958f841c848ab9569af5b559867589ba2c71a7ab009e47b52f72af4d48fe572a1dc9316b8114e73865e6

Download Submit
memory/2744-2-0x0000000002630000-0x000000000268B000-memory.dmp

Filesize
364KB

Download
memory/2744-0-0x0000000000400000-0x0000000000994000-memory.dmp

Filesize
5.6MB

Download
memory/2744-3-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2744-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3092-9-0x0000000000400000-0x0000000000994000-memory.dmp

Filesize
5.6MB

Download
memory/3092-11-0x0000000000400000-0x0000000000994000-memory.dmp

Filesize
5.6MB

Download
memory/3092-12-0x0000000000400000-0x0000000000994000-memory.dmp

Filesize
5.6MB

Download
memory/3092-15-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download