Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-06-2024 16:44
Behavioral tasks
behavioral1: sample b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe, resource win7-20240508-en
behavioral2: sample b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe, resource win10v2004-20240611-en (the run covered by the signatures and process tree below; the memory-dump resources all carry the behavioral2 prefix)
General
Target: b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe
Size: 1.2MB
MD5: 0fa9b424240b708d3011fec45df9dc40
SHA1: ee36b5e135489d3b9f99bca4e91738d25ea5e89e
SHA256: b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192
SHA512: fad184d3925b4ed71ad153b37bd664bbd3193d1191c990f316688a40f793d4e1a839ffe5c9843c11856fa39e5d0053b7efb62bccb9706db6a2f6523efa9678d7
SSDEEP: 12288:EShg1Q6TG04cWMC6wQ4LR+gH3Yxrm3T4CWKKCrZTGF/k8uMxtxPvvzpp:U1pTG05RwbLR1bTJbKkKF/eMNPjf
Malware Config
Signatures

Unexpected DNS network traffic destination (1 IoC)
Network traffic on the DNS port (53) to a server other than the VM's configured DNS servers was detected.
IoC: destination IP 114.114.114.114
114.114.114.114 is a public recursive resolver, so the sample resolves names through a resolver of its own choosing instead of the one the VM was given by the sandbox. This is worth flagging on any network: egress on port 53 to anything but the internal resolvers bypasses DNS logging and sinkholing. The report lists only the destination; the names that were queried are not shown.
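The check behind this signature, written out over constructed flow records as an added example (it is not the sandbox's own code). The configured resolver 10.127.0.1 and every flow line in SAMPLE_FLOWS are assumptions; the only value taken from the report is the flagged destination 114.114.114.114.

```python
"""Flag DNS-port traffic that bypasses the configured resolvers.

Added example; not part of the sandbox report and not its signature code.
The resolver 10.127.0.1 and the lines in SAMPLE_FLOWS are constructed.
"""
from collections import Counter
from dataclasses import dataclass

DNS_PORT = 53

# Assumed: the resolver the sandbox hands the VM. The report does not list it.
CONFIGURED_DNS = frozenset({"10.127.0.1"})


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow line: '<proto> <src>:<port> -> <dst>:<port>'."""
    proto, rest = line.split(None, 1)
    src, dst = (part.strip() for part in rest.split("->", 1))
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(proto.lower(), src_ip, int(src_port), dst_ip, int(dst_port))


def unexpected_dns_destinations(lines, configured=CONFIGURED_DNS):
    """Count DNS-port flows per destination that is not a configured resolver.

    Both UDP and TCP are checked: TCP/53 is legitimate for large answers and
    zone transfers, but a client that wants to dodge UDP-only filtering uses
    it too, so it must not be exempt.
    """
    hits = Counter()
    for line in lines:
        flow = parse_flow(line)
        if flow.proto not in ("udp", "tcp") or flow.dport != DNS_PORT:
            continue
        if flow.dst in configured:
            continue
        hits[flow.dst] += 1
    return dict(hits)


# Constructed flows: one lookup via the assumed resolver, two lookups sent
# straight to 114.114.114.114, and an unrelated HTTPS connection.
SAMPLE_FLOWS = [
    "udp 10.127.0.50:51234 -> 10.127.0.1:53",
    "udp 10.127.0.50:51240 -> 114.114.114.114:53",
    "tcp 10.127.0.50:49712 -> 93.184.216.34:443",
    "udp 10.127.0.50:51241 -> 114.114.114.114:53",
]

if __name__ == "__main__":
    for dst, count in unexpected_dns_destinations(SAMPLE_FLOWS).items():
        print(f"Unexpected DNS destination: {dst} ({count} flows)")
```

Only the destination port is matched, not the payload, which is what the sandbox signature name implies as well; a sample could still tunnel DNS over HTTPS or a non-standard port without tripping this check, so it complements rather than replaces resolver-side query logging.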
yara_rule matches (memory dumps of pid 1028, 3 IoCs)
rule       resource
vmprotect  behavioral2/memory/1028-0-0x0000000000700000-0x0000000000800000-memory.dmp
vmprotect  behavioral2/memory/1028-1-0x0000000000700000-0x0000000000800000-memory.dmp
vmprotect  behavioral2/memory/1028-5-0x0000000000700000-0x0000000000800000-memory.dmp
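A parser for the memory-dump resource names in the table above, added here as an example (not part of the sandbox report). It groups the three hits by process and address range so that one rule firing on the same region in several snapshots is reported once; the naming pattern <task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp is inferred from the three strings the report shows and is an assumption beyond them.

```python
"""Parse and group the yara_rule memory-dump hits listed in the report.

Added example; not part of the sandbox report. The resource-name pattern
is assumed from the three strings the report shows.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<snap>\d+)"
    r"-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)


def parse_dump_name(name: str) -> dict:
    """Return task, pid, snapshot index and the dumped address range as ints."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a memory dump resource name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {
        "task": m["task"],
        "pid": int(m["pid"]),
        "snapshot": int(m["snap"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def group_hits(lines):
    """Group '<resource> <rule>' lines by (pid, start, end).

    Returns {(pid, start, end): {"rules": set, "snapshots": sorted list}}, so
    a rule that fires on the same region in several snapshots shows up as one
    region seen several times rather than as unrelated hits.
    """
    regions = defaultdict(lambda: {"rules": set(), "snapshots": []})
    for line in lines:
        resource, rule = line.split()
        d = parse_dump_name(resource)
        key = (d["pid"], d["start"], d["end"])
        regions[key]["rules"].add(rule)
        regions[key]["snapshots"].append(d["snapshot"])
    for entry in regions.values():
        entry["snapshots"].sort()
    return dict(regions)


# The three hits exactly as listed in the report's yara_rule table.
REPORT_HITS = [
    "behavioral2/memory/1028-0-0x0000000000700000-0x0000000000800000-memory.dmp vmprotect",
    "behavioral2/memory/1028-1-0x0000000000700000-0x0000000000800000-memory.dmp vmprotect",
    "behavioral2/memory/1028-5-0x0000000000700000-0x0000000000800000-memory.dmp vmprotect",
]

if __name__ == "__main__":
    for (pid, start, end), info in group_hits(REPORT_HITS).items():
        print(f"pid {pid} region 0x{start:x}-0x{end:x} ({(end - start) // 1024} KiB): "
              f"rules {sorted(info['rules'])}, snapshots {info['snapshots']}")
```

Grouped this way, the three IoCs collapse to one 1 MiB region in pid 1028 (0x700000-0x800000) that matched the vmprotect rule in snapshots 0, 1 and 5, i.e. the protected image stays mapped for the whole run. VMProtect virtualizes code rather than only compressing it, so a later dump of that region will not simply contain the original x86; the rule match mainly tells the analyst that static work on the on-disk file will yield little.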
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid   process
1028  b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe (reported 6 times)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description              pid   process
Token: SeDebugPrivilege  1028  b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe
Token: SeTcbPrivilege    1028  b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe
The signature records the privilege the sample asked AdjustTokenPrivileges to enable; it does not show whether the call succeeded. AdjustTokenPrivileges can only enable a privilege the token already holds (otherwise it returns ERROR_NOT_ALL_ASSIGNED). SeDebugPrivilege is present in an administrator's token and, together with the process enumeration above, is the usual prerequisite for opening other processes. SeTcbPrivilege ("Act as part of the operating system") is by default granted only to the Local System account, so a request for it from a process started from the user's Temp directory is unlikely to succeed but is a notable indicator on its own.
Processes
C:\Users\Admin\AppData\Local\Temp\b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\b3a2783fcac7116c274e58f629d5d0bda778c1377b7c8f23fb8cc116a6b39192_NeikiAnalytics.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
No child processes are recorded for this run.