0ccd8ebf242998355d78e564b12ff183377a89c84cbd3478535e5e6155cb645e | Triage

Submit
Reports

Overview

overview

8

Static

static

7

0ccd8ebf24...cs.exe

windows7-x64

8

0ccd8ebf24...cs.exe

windows10-2004-x64

7

Sharing

General

Target

0ccd8ebf242998355d78e564b12ff183377a89c84cbd3478535e5e6155cb645e_NeikiAnalytics.exe
Size

5.5MB
Sample

240701-1n3rvswakk
MD5

c4c696e6ea81e3e94050d4bfca2d4350
SHA1

fbe76e557521504be389722ce25b4ad229ae2858
SHA256

0ccd8ebf242998355d78e564b12ff183377a89c84cbd3478535e5e6155cb645e
SHA512

1f2a0403bbcfdc1e7c501c87c8d0d1b352f21ac52001e0798e9aee5eabe4df734cfbd11201903fc8fb03918a6851aed695520da869b1559e4541a248eb7dacf4
SSDEEP

98304:+iNCFT1fzFo347hHCbg1VD1e9HJlJCX4gqXv8wHtundQ+QCA86WLoz:+i4HLhHCIMHUcXEwgnmRj9Coz

Score

8^/10

evasion execution vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0ccd8ebf242998355d78e564b12ff183377a89c84cbd3478535e5e6155cb645e_NeikiAnalytics.exe

Resource

win7-20240221-en

evasion execution vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0ccd8ebf242998355d78e564b12ff183377a89c84cbd3478535e5e6155cb645e_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  0ccd8ebf242998355d78e564b12ff183377a89c84cbd3478535e5e6155cb645e_NeikiAnalytics.exe
- Size
  
  5.5MB
- MD5
  
  c4c696e6ea81e3e94050d4bfca2d4350
- SHA1
  
  fbe76e557521504be389722ce25b4ad229ae2858
- SHA256
  
  0ccd8ebf242998355d78e564b12ff183377a89c84cbd3478535e5e6155cb645e
- SHA512
  
  1f2a0403bbcfdc1e7c501c87c8d0d1b352f21ac52001e0798e9aee5eabe4df734cfbd11201903fc8fb03918a6851aed695520da869b1559e4541a248eb7dacf4
- SSDEEP
  
  98304:+iNCFT1fzFo347hHCbg1VD1e9HJlJCX4gqXv8wHtundQ+QCA86WLoz:+i4HLhHCIMHUcXEwgnmRj9Coz
Score

8^/10

evasion execution vmprotect
- Stops running service(s)
  evasion execution
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionexecutionvmprotect

behavioral2

© 2018-2024

Terms | Privacy