06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b | Triage

Submit
Reports

Overview

overview

8

Static

static

7

06df019453...cs.exe

windows7-x64

8

06df019453...cs.exe

windows10-2004-x64

8

Sharing

General

Target

06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe
Size

3.7MB
Sample

240629-2es2qs1gjl
MD5

bbe02193dec0f7cdf4aa2d66e80d5b60
SHA1

33e017cba926c765610af9568f7edc5e3962a6b3
SHA256

06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b
SHA512

e8894da401a2cf1532bbbd5cb54a9449f3418ebda72c205b22e3a6c90a7c89d59ab51bc68566b668249fab5f180a2cde7c7ad12289109f651b02f1b0c895a175
SSDEEP

98304:e3obcEffDvnh88mNuHMiABZlZlpGiuKvBGMQ9jfQ:es7nhVPPiXHGbkAhlQ

Score

8^/10

persistence privilege_escalation vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe

Resource

win7-20240611-en

persistence privilege_escalation vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

persistence privilege_escalation vmprotect

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe
- Size
  
  3.7MB
- MD5
  
  bbe02193dec0f7cdf4aa2d66e80d5b60
- SHA1
  
  33e017cba926c765610af9568f7edc5e3962a6b3
- SHA256
  
  06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b
- SHA512
  
  e8894da401a2cf1532bbbd5cb54a9449f3418ebda72c205b22e3a6c90a7c89d59ab51bc68566b668249fab5f180a2cde7c7ad12289109f651b02f1b0c895a175
- SSDEEP
  
  98304:e3obcEffDvnh88mNuHMiABZlZlpGiuKvBGMQ9jfQ:es7nhVPPiXHGbkAhlQ
Score

8^/10

persistence privilege_escalation vmprotect
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistenceprivilege_escalationvmprotect

behavioral2

persistenceprivilege_escalationvmprotect

© 2018-2024

Terms | Privacy