Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
29-06-2024 16:44
General
-
Target
b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe
-
Size
1.2MB
-
MD5
0fa9b424240b708d3011fec45df9dc40
-
SHA1
ee36b5e135489d3b9f99bca4e91738d25ea5e89e
-
SHA256
b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192
-
SHA512
fad184d3925b4ed71ad153b37bd664bbd3193d1191c990f316688a40f793d4e1a839ffe5c9843c11856fa39e5d0053b7efb62bccb9706db6a2f6523efa9678d7
-
SSDEEP
12288:EShg1Q6TG04cWMC6wQ4LR+gH3Yxrm3T4CWKKCrZTGF/k8uMxtxPvvzpp:U1pTG05RwbLR1bTJbKkKF/eMNPjf
Score
7/10
Malware Config
Signatures
-
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
VMProtect packed file 3 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1028-0-0x0000000000700000-0x0000000000800000-memory.dmpFilesize
1024KB
-
memory/1028-1-0x0000000000700000-0x0000000000800000-memory.dmpFilesize
1024KB
-
memory/1028-5-0x0000000000700000-0x0000000000800000-memory.dmpFilesize
1024KB