Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
29-06-2024 22:30
Behavioral task
behavioral1
Sample
06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe
-
Size
3.7MB
-
MD5
bbe02193dec0f7cdf4aa2d66e80d5b60
-
SHA1
33e017cba926c765610af9568f7edc5e3962a6b3
-
SHA256
06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b
-
SHA512
e8894da401a2cf1532bbbd5cb54a9449f3418ebda72c205b22e3a6c90a7c89d59ab51bc68566b668249fab5f180a2cde7c7ad12289109f651b02f1b0c895a175
-
SSDEEP
98304:e3obcEffDvnh88mNuHMiABZlZlpGiuKvBGMQ9jfQ:es7nhVPPiXHGbkAhlQ
Malware Config
Signatures
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Executes dropped EXE 1 IoCs
Processes:
vpabslb.exepid process 3584 vpabslb.exe -
Processes:
resource yara_rule behavioral2/memory/4776-0-0x0000000000400000-0x00000000009A3000-memory.dmp vmprotect behavioral2/memory/4776-1-0x0000000000400000-0x00000000009A3000-memory.dmp vmprotect C:\ProgramData\Mozilla\vpabslb.exe vmprotect behavioral2/memory/3584-9-0x0000000000400000-0x00000000009A3000-memory.dmp vmprotect behavioral2/memory/3584-10-0x0000000000400000-0x00000000009A3000-memory.dmp vmprotect behavioral2/memory/3584-11-0x0000000000400000-0x00000000009A3000-memory.dmp vmprotect -
Drops file in Program Files directory 2 IoCs
Processes:
06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exevpabslb.exedescription ioc process File created C:\PROGRA~3\Mozilla\vpabslb.exe 06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe File created C:\PROGRA~3\Mozilla\vlhtyqn.dll vpabslb.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\06df019453fefca35d2f703566b52d626f56c0c56e44d58f336cc18307d6f11b_NeikiAnalytics.exe"1⤵
- Drops file in Program Files directory
-
C:\PROGRA~3\Mozilla\vpabslb.exeC:\PROGRA~3\Mozilla\vpabslb.exe -wyeumfc1⤵
- Executes dropped EXE
- Drops file in Program Files directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Mozilla\vpabslb.exeFilesize
3.7MB
MD57662226d62b9c9c630072bc918d1857b
SHA1dfeedb0d9edb04707799db2ba1259b2f252614d9
SHA256a85707c0f5358bfba9aa10c9fff19c18383d6e7d18873aa3c10082514cb3e11a
SHA512d37428970366dcb19a131ecb915b5a2559f4bf69cc481ee0bfe3792f2d6bc7448baf2451a1b05382fd5622394d83b4c1a33ea3d3e9bdf4e0b21c074a43e087e7
-
memory/3584-9-0x0000000000400000-0x00000000009A3000-memory.dmpFilesize
5.6MB
-
memory/3584-10-0x0000000000400000-0x00000000009A3000-memory.dmpFilesize
5.6MB
-
memory/3584-11-0x0000000000400000-0x00000000009A3000-memory.dmpFilesize
5.6MB
-
memory/3584-12-0x0000000000400000-0x00000000009A3000-memory.dmpFilesize
5.6MB
-
memory/3584-15-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB
-
memory/4776-0-0x0000000000400000-0x00000000009A3000-memory.dmpFilesize
5.6MB
-
memory/4776-3-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB
-
memory/4776-2-0x00000000025F0000-0x000000000264B000-memory.dmpFilesize
364KB
-
memory/4776-1-0x0000000000400000-0x00000000009A3000-memory.dmpFilesize
5.6MB
-
memory/4776-6-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB