6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe
Size

6.7MB
MD5

3330d7f6f9514736aa3741c40f11ee00
SHA1

da0771f4ac27d5a0374eb276e67aa7936ad08b01
SHA256

6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372
SHA512

637e1d68def23dd959754a4f27c4234d100cbf1ba340ec839e196acc47210f6240a5ccccfd2545086a51ff9a9b77300324d12038ee9f6f043f7380a2360f537c
SSDEEP

196608:6w5GeFtqLWW1gpaoEkAZk7X4xhRTMUWjJuWoBx0k:XGeFsRgpaoh7X4xhyzc0k

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2228-36-0x0000000000400000-0x00000000011A3000-memory.dmp	vmprotect
behavioral1/memory/2228-39-0x0000000000400000-0x00000000011A3000-memory.dmp	vmprotect
behavioral1/memory/2228-40-0x0000000000400000-0x00000000011A3000-memory.dmp	vmprotect
behavioral1/memory/2228-42-0x0000000000400000-0x00000000011A3000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2228	6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe
2228	6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2228	6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
476	Process not Found

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2228	6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe
2228	6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe
2228	6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6101a57f6771c57874bad37b063e1da75683f6446654247f3083c906eaea9372_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2228-35-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2228-33-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2228-31-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2228-30-0x000000000072D000-0x0000000000AE5000-memory.dmp

Filesize
3.7MB

Download
memory/2228-29-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2228-27-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2228-24-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2228-22-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2228-19-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2228-17-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2228-14-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2228-12-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2228-9-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2228-36-0x0000000000400000-0x00000000011A3000-memory.dmp

Filesize
13.6MB

Download
memory/2228-7-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2228-5-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2228-4-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2228-2-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2228-0-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2228-39-0x0000000000400000-0x00000000011A3000-memory.dmp

Filesize
13.6MB

Download
memory/2228-40-0x0000000000400000-0x00000000011A3000-memory.dmp

Filesize
13.6MB

Download
memory/2228-41-0x000000000072D000-0x0000000000AE5000-memory.dmp

Filesize
3.7MB

Download
memory/2228-42-0x0000000000400000-0x00000000011A3000-memory.dmp

Filesize
13.6MB

Download