a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 19:56

Target

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
Size

5.3MB
MD5

f9845d0393ae32ad62f942d86bcb5250
SHA1

fe0ef9adfdf9150917d522cfbf007233d0b59ea8
SHA256

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb
SHA512

9ace006214adf986f232ad87b6363df289526ef659ac9f4be00bb1d9938a78555d8d18f4f5def5dc6f6682bdfb2ddfce9dfacd110f7d181d8b079dc481e3d6ac
SSDEEP

98304:Q4UuJam8M/k/0n+415zScTqve6DOAsqnYddV8aN/n/avNFz:v/Imz/Znj86NpN/n/avN5

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

gjgcfl.exe

pid process

2996 gjgcfl.exe
Loads dropped DLL 1 IoCs

Processes:

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

pid process

2984 a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

\Program Files (x86)\ejmkdbwup\gjgcfl.exe vmprotect
Drops file in Program Files directory 1 IoCs

Processes:

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

description ioc process

File created C:\Program Files (x86)\ejmkdbwup\gjgcfl.exe a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

pid	process
2996	gjgcfl.exe

pid	process
2984	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

resource	yara_rule
\Program Files (x86)\ejmkdbwup\gjgcfl.exe	vmprotect

description	ioc	process
File created	C:\Program Files (x86)\ejmkdbwup\gjgcfl.exe	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

description	pid	process	target process
PID 2984 wrote to memory of 2996	2984	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe	gjgcfl.exe
PID 2984 wrote to memory of 2996	2984	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe	gjgcfl.exe
PID 2984 wrote to memory of 2996	2984	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe	gjgcfl.exe
PID 2984 wrote to memory of 2996	2984	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe	gjgcfl.exe

C:\Program Files (x86)\ejmkdbwup\gjgcfl.exe
"C:\Program Files (x86)\ejmkdbwup\gjgcfl.exe"
2⤵
- Executes dropped EXE
PID:2996

\Program Files (x86)\ejmkdbwup\gjgcfl.exe
Filesize
5.3MB

MD5
97fbe3a640b57b4ef6b8d7b21290d038

SHA1
f796d9d9e65ecdb4c876dd7a6b3af425ed970de1

SHA256
8537007f3e43c7c4e571eb267cf8de9ff12c02bf6d2143c038acff9ab0b95bf8

SHA512
f10458db3420ffa0dca11df9ee95e9a01866f1cef6b6e91be92475b7bb66ac345ead39500e7787bc3439c356080da8b5310c17dc90700c8dabff495e28a2d655

Download Submit