a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 19:56

Target

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe
Size

5.3MB
MD5

f9845d0393ae32ad62f942d86bcb5250
SHA1

fe0ef9adfdf9150917d522cfbf007233d0b59ea8
SHA256

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb
SHA512

9ace006214adf986f232ad87b6363df289526ef659ac9f4be00bb1d9938a78555d8d18f4f5def5dc6f6682bdfb2ddfce9dfacd110f7d181d8b079dc481e3d6ac
SSDEEP

98304:Q4UuJam8M/k/0n+415zScTqve6DOAsqnYddV8aN/n/avNFz:v/Imz/Znj86NpN/n/avN5

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

gtxpdgoqkgfcmc.exe

pid process

4156 gtxpdgoqkgfcmc.exe
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

C:\Program Files (x86)\zcealo\gtxpdgoqkgfcmc.exe vmprotect
Drops file in Program Files directory 1 IoCs

Processes:

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

description ioc process

File created C:\Program Files (x86)\zcealo\gtxpdgoqkgfcmc.exe a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

pid	process
4156	gtxpdgoqkgfcmc.exe

resource	yara_rule
C:\Program Files (x86)\zcealo\gtxpdgoqkgfcmc.exe	vmprotect

description	ioc	process
File created	C:\Program Files (x86)\zcealo\gtxpdgoqkgfcmc.exe	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe

description	pid	process	target process
PID 4416 wrote to memory of 4156	4416	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe	gtxpdgoqkgfcmc.exe
PID 4416 wrote to memory of 4156	4416	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe	gtxpdgoqkgfcmc.exe
PID 4416 wrote to memory of 4156	4416	a8e2327878ce96f53d0629645bafb29195210b0061df7aed2b7aa43b3ccbc1bb_NeikiAnalytics.exe	gtxpdgoqkgfcmc.exe

C:\Program Files (x86)\zcealo\gtxpdgoqkgfcmc.exe
"C:\Program Files (x86)\zcealo\gtxpdgoqkgfcmc.exe"
2⤵
- Executes dropped EXE
PID:4156

C:\Program Files (x86)\zcealo\gtxpdgoqkgfcmc.exe
Filesize
5.3MB

MD5
3e173de9c57084932e02368124eeb7da

SHA1
5f5257f6821839525ab4852bafdd12735b3b8c9f

SHA256
8f0b11275fabeedce6f85fdd28239b10237db628554dc01fd56b21ef98edd132

SHA512
a98df9665f7f2a7f078c91d81bd9aad19cddfc878f7e70c082db53b77036f562d398bf73f143a3c254a05d416d71b1d18aed8007c9af5d4ab7a0c9f91bda4003

Download Submit