fb16141ea139f6a09feb36cd3723598c875b112fafcfd82bdd2e5589c650458d

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 07:11

Target

26dbe9c6142aef5e3bd89c5837ff3830_NeikiAnalytics.exe
Size

2.0MB
MD5

26dbe9c6142aef5e3bd89c5837ff3830
SHA1

c95076630b21b77ba6e7360369e0df3b4f3333d0
SHA256

fb16141ea139f6a09feb36cd3723598c875b112fafcfd82bdd2e5589c650458d
SHA512

d41b73a3ba3a39fa5da78633224fee1b9af13c81015df845c763dcc64af24a9c015d189296dae3c5c8d9090bd38c5abfd57308305d52bca77604777847c455e2
SSDEEP

49152:h3UR2w5aO12j3mVy88ukVy88uNVy88uDVy88uSVy88uzVy88uhVy88uJVy88uRVo:h36lE2Vy88ukVy88uNVy88uDVy88uSV2

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000700000002336e-2.dat	acprotect
behavioral2/files/0x000900000002353f-8.dat	acprotect

Loads dropped DLL 2 IoCs

pid	Process
4656	26dbe9c6142aef5e3bd89c5837ff3830_NeikiAnalytics.exe
4656	26dbe9c6142aef5e3bd89c5837ff3830_NeikiAnalytics.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4656-1-0x0000000000400000-0x00000000005FE000-memory.dmp	upx
behavioral2/files/0x000700000002336e-2.dat	upx
behavioral2/memory/4656-7-0x0000000074A40000-0x0000000074A58000-memory.dmp	upx
behavioral2/files/0x000900000002353f-8.dat	upx
behavioral2/memory/4656-14-0x0000000000400000-0x00000000005FE000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4656	26dbe9c6142aef5e3bd89c5837ff3830_NeikiAnalytics.exe
4656	26dbe9c6142aef5e3bd89c5837ff3830_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
31KB

MD5
9339bfe25011d5d5d09f6cfd9f6a36b9

SHA1
963bfac19298e16b5485ee2df5f04cdc8ca05a95

SHA256
633eb9ac10d46fbc300d5cb1777e9fbc0a5cd3b0a8da6e8b1bb6647a962a1e30

SHA512
aa172b03aae57e16bd55d6e893f54cb2fc60001e9c6be6c7c90d91ecdf0e9b20928ac82b84469780eb8cc5292e5a78d2413e14736950b33554c738bdce0c3d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\gtapi.dll

Filesize
38KB

MD5
368922dd93f7249504cce6c52476fd26

SHA1
cb81952e2d9327e92045a777b22cd37b838d1018

SHA256
d98c796b0d205b7537a864f696f7639ba301ce0330cb82a0b0234813a3d78fda

SHA512
33d812422981d09fd267f9a2b43bdf873110deff5633c74fd6ec9858db1a9638550bf8e0b3bd94c299a1c12e7fa2a0ae8a28b8e79ccae471a252268ac20a6a7c

Download Submit
memory/4656-1-0x0000000000400000-0x00000000005FE000-memory.dmp

Filesize
2.0MB

Download
memory/4656-7-0x0000000074A40000-0x0000000074A58000-memory.dmp

Filesize
96KB

Download
memory/4656-13-0x0000000074790000-0x00000000747A7000-memory.dmp

Filesize
92KB

Download
memory/4656-14-0x0000000000400000-0x00000000005FE000-memory.dmp

Filesize
2.0MB

Download
memory/4656-15-0x0000000074A40000-0x0000000074A58000-memory.dmp

Filesize
96KB

Download
memory/4656-16-0x0000000074790000-0x00000000747A7000-memory.dmp

Filesize
92KB

Download