Overview

overview

7

Static

static

7

b045fdf8a5...cs.exe

windows7-x64

7

b045fdf8a5...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    29-06-2024 14:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

  • Size

    1.4MB

  • MD5

    a5581c781fc72268be78aa549ed953b0

  • SHA1

    8f86d418454620e3f023e20350ed858c969b183f

  • SHA256

    b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0

  • SHA512

    0ddc6482f799ac18a028a5e562a5857f49f4e03c42360c94d547c1aa481fe2a9413f2afc333fe55ed3457c84516e1a02d2b9a28e1a9fa95c310e45af80c11693

  • SSDEEP

    24576:QiKRwIaFO0p/91x0n2iJC3o5rsGUg7QG7d8xPcDE4cQ2dKnMD/40icCWd:fKGFz9TCC3o5AGT7I0XedKMrI

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 272
      2⤵
      • Program crash
      PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2008-0-0x0000000000400000-0x00000000006FC000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/2008-1-0x00000000776C0000-0x00000000776C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2008-3-0x00000000776C0000-0x00000000776C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2008-7-0x0000000076940000-0x0000000076941000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2008-9-0x0000000000400000-0x00000000006FC000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/2008-11-0x0000000076940000-0x0000000076941000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2008-12-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2008-17-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2008-16-0x00000000776C0000-0x00000000776C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2008-18-0x0000000000400000-0x00000000006FC000-memory.dmp
    Filesize

    3.0MB

    Download