0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe
Size

9.2MB
MD5

3827d850535d0e7370e5963ba189a250
SHA1

4a7052caef6165a2e42d986bf5a3f87e6c307ba9
SHA256

0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c
SHA512

ed8ac09379e9dd37504ba44721688230fe00b7ed3fc5da7daf063b2beda8899f5b384e746e5fa6f3106c3701e8a99f3a6c360d023706a9d07f9b9f5f39f6832f
SSDEEP

196608:gDIY29OuiQYmmfJVcyxIMcMrHKVMEvKs7DGlAi9Q3QRr+jup:7Y29OPmOJVcyxIMcMT+mAQ8rjup

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 30 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4884-49-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-65-0x0000000004030000-0x000000000406E000-memory.dmp	upx
behavioral2/memory/4884-63-0x0000000004030000-0x000000000406E000-memory.dmp	upx
behavioral2/memory/4884-61-0x0000000004030000-0x000000000406E000-memory.dmp	upx
behavioral2/memory/4884-59-0x0000000004030000-0x000000000406E000-memory.dmp	upx
behavioral2/memory/4884-57-0x0000000004030000-0x000000000406E000-memory.dmp	upx
behavioral2/memory/4884-56-0x0000000004030000-0x000000000406E000-memory.dmp	upx
behavioral2/memory/4884-54-0x0000000004030000-0x000000000406E000-memory.dmp	upx
behavioral2/memory/4884-53-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-51-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-47-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-45-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-43-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-39-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-37-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-35-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-15-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4884-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 16 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral2/memory/4884-7-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-98-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-55-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-99-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-100-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-101-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-102-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-103-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-104-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-105-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-106-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-107-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-108-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-109-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-110-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect
behavioral2/memory/4884-111-0x0000000000400000-0x0000000001B83000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe

pid	process
4884	0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe
4884	0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe
4884	0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe
4884	0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe

pid	process
4884	0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe
4884	0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe
4884	0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe
4884	0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0948a6e361d814ee7a34088f0a898706aea84359ec60740258176cfbbbef947c_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4884-0-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/4884-1-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/4884-5-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4884-4-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/4884-3-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/4884-2-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/4884-8-0x0000000000CD3000-0x0000000001259000-memory.dmp

Filesize
5.5MB

Download
memory/4884-7-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-6-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/4884-49-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-65-0x0000000004030000-0x000000000406E000-memory.dmp

Filesize
248KB

Download
memory/4884-63-0x0000000004030000-0x000000000406E000-memory.dmp

Filesize
248KB

Download
memory/4884-61-0x0000000004030000-0x000000000406E000-memory.dmp

Filesize
248KB

Download
memory/4884-59-0x0000000004030000-0x000000000406E000-memory.dmp

Filesize
248KB

Download
memory/4884-98-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-57-0x0000000004030000-0x000000000406E000-memory.dmp

Filesize
248KB

Download
memory/4884-56-0x0000000004030000-0x000000000406E000-memory.dmp

Filesize
248KB

Download
memory/4884-55-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-54-0x0000000004030000-0x000000000406E000-memory.dmp

Filesize
248KB

Download
memory/4884-53-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-51-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-47-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-45-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-43-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-39-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-37-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-35-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-15-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4884-99-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-100-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-101-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-102-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-103-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-104-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-105-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-106-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-107-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-108-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-109-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-110-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download
memory/4884-111-0x0000000000400000-0x0000000001B83000-memory.dmp

Filesize
23.5MB

Download