222c56746d1f14be2f1346c3830e884ef2cef273b3ca30b3fce1d90a2b743a92 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

222c56746d...cs.exe

windows7-x64

9

222c56746d...cs.exe

windows10-2004-x64

9

Sharing

General

Target

222c56746d1f14be2f1346c3830e884ef2cef273b3ca30b3fce1d90a2b743a92_NeikiAnalytics.exe
Size

3.2MB
Sample

240630-28y5vaydna
MD5

c2cbd2798ef5acd702b577f2576ed060
SHA1

9d7d4d90feb8bf94d9dc427d014c05104f9d2636
SHA256

222c56746d1f14be2f1346c3830e884ef2cef273b3ca30b3fce1d90a2b743a92
SHA512

e1c3b92b8f838e4f314c51b64fd2d675d30fa4426d9db9d734bea60657b3a0cc02019e316c8286f24a3b55d2208ede8feae69c51a0e8c482b566e278e3f41d9a
SSDEEP

49152:JeuSg2T/EoaN+jilNWh8wcepVXF7O36j+yY9/4kUaAPsFVttNb+6r9Hg0hh/RW5/:0g2T/d88UI173j09/3EK+Y9Hg07R0

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

222c56746d1f14be2f1346c3830e884ef2cef273b3ca30b3fce1d90a2b743a92_NeikiAnalytics.exe

Resource

win7-20240508-en

evasion themida trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

222c56746d1f14be2f1346c3830e884ef2cef273b3ca30b3fce1d90a2b743a92_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

evasion themida trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  222c56746d1f14be2f1346c3830e884ef2cef273b3ca30b3fce1d90a2b743a92_NeikiAnalytics.exe
- Size
  
  3.2MB
- MD5
  
  c2cbd2798ef5acd702b577f2576ed060
- SHA1
  
  9d7d4d90feb8bf94d9dc427d014c05104f9d2636
- SHA256
  
  222c56746d1f14be2f1346c3830e884ef2cef273b3ca30b3fce1d90a2b743a92
- SHA512
  
  e1c3b92b8f838e4f314c51b64fd2d675d30fa4426d9db9d734bea60657b3a0cc02019e316c8286f24a3b55d2208ede8feae69c51a0e8c482b566e278e3f41d9a
- SSDEEP
  
  49152:JeuSg2T/EoaN+jilNWh8wcepVXF7O36j+yY9/4kUaAPsFVttNb+6r9Hg0hh/RW5/:0g2T/d88UI173j09/3EK+Y9Hg07R0
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2024

Terms | Privacy