b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0

Analysis

max time kernel
93s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
Size

1.4MB
MD5

a5581c781fc72268be78aa549ed953b0
SHA1

8f86d418454620e3f023e20350ed858c969b183f
SHA256

b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0
SHA512

0ddc6482f799ac18a028a5e562a5857f49f4e03c42360c94d547c1aa481fe2a9413f2afc333fe55ed3457c84516e1a02d2b9a28e1a9fa95c310e45af80c11693
SSDEEP

24576:QiKRwIaFO0p/91x0n2iJC3o5rsGUg7QG7d8xPcDE4cQ2dKnMD/40icCWd:fKGFz9TCC3o5AGT7I0XedKMrI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral2/memory/1900-0-0x0000000000400000-0x00000000006FC000-memory.dmp	vmprotect
behavioral2/memory/1900-1-0x0000000000400000-0x00000000006FC000-memory.dmp	vmprotect
behavioral2/memory/1900-6-0x0000000000400000-0x00000000006FC000-memory.dmp	vmprotect

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1384 1900 WerFault.exe b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

pid	pid_target	process	target process
1384	1900	WerFault.exe	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

pid	process
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900	b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

pid process

1900 b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
1900 b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 704
2⤵
- Program crash
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1900 -ip 1900
1⤵
PID:4312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-0-0x0000000000400000-0x00000000006FC000-memory.dmp

Filesize
3.0MB

Download
memory/1900-1-0x0000000000400000-0x00000000006FC000-memory.dmp

Filesize
3.0MB

Download
memory/1900-3-0x0000000077290000-0x0000000077291000-memory.dmp

Filesize
4KB

Download
memory/1900-4-0x0000000077280000-0x0000000077281000-memory.dmp

Filesize
4KB

Download
memory/1900-5-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/1900-6-0x0000000000400000-0x00000000006FC000-memory.dmp

Filesize
3.0MB

Download