Malware Analysis Report

2025-05-05 21:21

Sample ID 240510-x82thsgf46
Target 54cc0c85224445e5225870e60fe4f020_NeikiAnalytics
SHA256 7ea06b883d26a3e5f47f01336f67b1aa02e1577ed150dbbef99085578e538837
Tags
pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7ea06b883d26a3e5f47f01336f67b1aa02e1577ed150dbbef99085578e538837

Threat Level: Shows suspicious behavior

The file 54cc0c85224445e5225870e60fe4f020_NeikiAnalytics was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Unsigned PE

Detects Pyinstaller

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-10 19:32

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 19:32

Reported

2024-05-10 19:34

Platform

win7-20240419-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 smtp.gmail.com udp
IE 209.85.202.108:587 smtp.gmail.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29242\python37.dll

MD5 c66cff63d88f6e9dd4d8e12263a928b5
SHA1 95c617965db8d8ddb76c2775a2441d1609605162
SHA256 1d70473101f95a42764c8430548645b0a9786bac0fe08367f593416c9b791718
SHA512 993001dcf9448dedf49fea89a76294364501dd09eac88184511e6ebab997119ac94e3e9d596d02571174f5a04b1d4ec6888f494eb0810e28bdb674867695005b

\Users\Admin\AppData\Local\Temp\_MEI29242\VCRUNTIME140.dll

MD5 ae96651cfbd18991d186a029cbecb30c
SHA1 18df8af1022b5cb188e3ee98ac5b4da24ac9c526
SHA256 1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1
SHA512 42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

C:\Users\Admin\AppData\Local\Temp\_MEI29242\base_library.zip

MD5 b8fafa013ab3d73f5540f4dca668e134
SHA1 25e1de1f13d256496e8244e29e049f69b91527a8
SHA256 e813be961090b612af2136418f91671c3192da594b86cd6d47d8a725595cece1
SHA512 e290163cc8cca66ef628e336d55e2df58fa82453693c2457f978e84e082f83a2c31456ef1e7daf9507a4653436a3750ccf4b7fa8e923b1da8b11c1bf2e50f8c4

C:\Users\Admin\AppData\Local\Temp\_MEI29242\_ctypes.pyd

MD5 4873eef1f9b652605cb7567bf5f63a59
SHA1 699bcc7439c2255eb54b3048a0255624cfcfb1d4
SHA256 c1688643a182f1b9692284ee24293ae90b5496e95b356d6ec175f18d9a6ec566
SHA512 335a9d6a6f5f0189a1b906561e3bf1d5f6c86d17fdc952fd45a8e6a3d6b814ad919e8ca9ae5f3a6261549361cd4b5f00d366ceb77c66b4c562fd53692b24b2d4

C:\Users\Admin\AppData\Local\Temp\_MEI29242\_queue.pyd

MD5 4f38eb31e85412b5bb3cc955f7a83cfb
SHA1 5752194a2987b795636e708bae7d436e064790ec
SHA256 326f00f00dabf86b33325b8f6344a141aefb2a56ba5c173d2efe175efa72058b
SHA512 814f7904ec79ca03750fc57b64329c8ef4c3fe3648f65b63ec103b21a07278f038e8b786559085b612abd442d67493681e3bf8f6a6ab18c2b112b67a9e327f37

C:\Users\Admin\AppData\Local\Temp\_MEI29242\unicodedata.pyd

MD5 c184941d097bf03782cc74b785e6dada
SHA1 c4ca2607047ef69e0cff516d38c4147087f45b02
SHA256 95c2e7b6bb25a0beb8a5c0376ceed33098d9991cda0414f844f5b9b506167891
SHA512 1c284dbff3ddfc76af8a649d237f90e87a9ecd7e36783626ebff7fca1cf1532b6b455372445b29352bc12df23a2e095f994f0ca454877f9ea38558875c314137

C:\Users\Admin\AppData\Local\Temp\_MEI29242\_socket.pyd

MD5 86d72934a494121978ef74c8b8aca5a4
SHA1 3c15697eee23365722f79d70710ac0a1ba5de6e1
SHA256 24657ecfde063412c941aaa6a085341d45ecf4c0153b37b7476459835ccb3cbb
SHA512 b7e720d4801690b6c610726046070b8a761113c30a14d6c54205f3ea5ae273494fa28b1fe57c33e196b71d7b2c1be28a3acbf5a3337cad0e9e4216918d8487e7

C:\Users\Admin\AppData\Local\Temp\_MEI29242\select.pyd

MD5 91ce806fb378ca8e5752aefeb5775da8
SHA1 5d18e0120b181f56562c228a360283fed1071d1f
SHA256 715b9028dbd2faef7a084b8919086fe258b5069f295655deae5dff95f6cb23f6
SHA512 ef557947653936f1dc9e68730d7edba420a2b7011c85fa55446c31f60e1af3732aa312fee91d72c39223d008d0231047d55d77e649ed1e6a09de663b78246fd7

C:\Users\Admin\AppData\Local\Temp\_MEI29242\_hashlib.pyd

MD5 d7fb745382c6356cb58a865b7868a87f
SHA1 c05940c7e57e7e1c8e031d1644cd91f507adf5e1
SHA256 a5ced194f4a143e6f517c22e6a1edbabca0d875243845bc57a87c2d70c07f23d
SHA512 1a19293c041811a72dbc88807aaa6a396600732f716ccbb2d976850c01f69d1ddeb5101e56c9b92fbb02496481e9da3fcc47af96bf8e9102477f9f28386f94c4

C:\Users\Admin\AppData\Local\Temp\_MEI29242\libcrypto-1_1.dll

MD5 25c4ebe7eb728eb40f9f9857849abad9
SHA1 d907b46d6b5924a4d887438583145b8d2edda10c
SHA256 ee585c57129d29c67d1f038ca35113ce34319bff1e8e163588e394dd096cd04a
SHA512 9f43ac67d873d28415ce4bb6d5823f361c31a018e3a4d56f191f9c2503ea0e41a8c3b7ca7860bd1abc013e3827ec2d47d9577ddbc128e10a1c2ac78615f7c8a9

C:\Users\Admin\AppData\Local\Temp\_MEI29242\_ssl.pyd

MD5 6e8d415d50d8292dbfb479447ac09c27
SHA1 cb2154d70a5cb9a875309e0860b82a825c6416f0
SHA256 5b616af730aa15a75558afa50e725c7d4d4e5b22bbffd348df2239425cfeadd0
SHA512 a8196e2536a3c733b59fa11da10f85eda0d2c50deb246d895fccbcb7f8e33c7aa11928ce8264eabaf0e9c761f5b11c7e65cb4ec503c0338c90e1d7180f7c0bac

C:\Users\Admin\AppData\Local\Temp\_MEI29242\libssl-1_1.dll

MD5 a11c90defa3969b20b8730450447636c
SHA1 05ec6e2fae9ad1d8446341f0e87d2d0fd7398bf0
SHA256 5b24d33ef69546a929b021738018c55ee6cea62b3ddd8d69a78dcad4dc5c6255
SHA512 d1d1469ed7280b66f9fbd1fae9d1bdc91be8b7a7f2340a4e6163da33f0a4a13043b6f4f5c6eb30bdc164991c16bcec0872e66c9843cc38ddc982e49c41e8cc3b

C:\Users\Admin\AppData\Local\Temp\_MEI29242\_bz2.pyd

MD5 2dd25ac2510c5640169d89ee220e748e
SHA1 38fd561088e61e4dbb97a026bfee8fbf6533250e
SHA256 f5086031019c5e03afcfee227c4d30e82b68c24f5a5871640c3e8682852d9a54
SHA512 e4fab2e20031dec366c113fe10ff81d759a2a1837cd1ee2598bb6c1107cb16a6db13501b69e80ee08e61005020b557221f858b690e2a3bab13a94fb04f87ef62

C:\Users\Admin\AppData\Local\Temp\_MEI29242\_lzma.pyd

MD5 3f9883975873f598093f33164be01fbc
SHA1 851b304266d19ec89193ade145e7aa7094cb9217
SHA256 1afb4acf310dc86ab032cf27fb59c468ca7e65448b899dc31d5a53317d5bc831
SHA512 a0613ed7bbab49a8da297d4947d5595c0637df1186834e19db8bc800d2f01bc1f8531e20921093778e1006edcf6705d9e49751106552520c0dd001c66a5dfc6c

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 19:32

Reported

2024-05-10 19:35

Platform

win10v2004-20240226-en

Max time kernel

139s

Max time network

163s

Command Line

"C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\54cc0c85224445e5225870e60fe4f020_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.74:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 smtp.gmail.com udp
IE 209.85.202.109:587 smtp.gmail.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 109.202.85.209.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI41882\python37.dll

MD5 c66cff63d88f6e9dd4d8e12263a928b5
SHA1 95c617965db8d8ddb76c2775a2441d1609605162
SHA256 1d70473101f95a42764c8430548645b0a9786bac0fe08367f593416c9b791718
SHA512 993001dcf9448dedf49fea89a76294364501dd09eac88184511e6ebab997119ac94e3e9d596d02571174f5a04b1d4ec6888f494eb0810e28bdb674867695005b

C:\Users\Admin\AppData\Local\Temp\_MEI41882\VCRUNTIME140.dll

MD5 ae96651cfbd18991d186a029cbecb30c
SHA1 18df8af1022b5cb188e3ee98ac5b4da24ac9c526
SHA256 1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1
SHA512 42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

C:\Users\Admin\AppData\Local\Temp\_MEI41882\base_library.zip

MD5 b8fafa013ab3d73f5540f4dca668e134
SHA1 25e1de1f13d256496e8244e29e049f69b91527a8
SHA256 e813be961090b612af2136418f91671c3192da594b86cd6d47d8a725595cece1
SHA512 e290163cc8cca66ef628e336d55e2df58fa82453693c2457f978e84e082f83a2c31456ef1e7daf9507a4653436a3750ccf4b7fa8e923b1da8b11c1bf2e50f8c4

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_ctypes.pyd

MD5 4873eef1f9b652605cb7567bf5f63a59
SHA1 699bcc7439c2255eb54b3048a0255624cfcfb1d4
SHA256 c1688643a182f1b9692284ee24293ae90b5496e95b356d6ec175f18d9a6ec566
SHA512 335a9d6a6f5f0189a1b906561e3bf1d5f6c86d17fdc952fd45a8e6a3d6b814ad919e8ca9ae5f3a6261549361cd4b5f00d366ceb77c66b4c562fd53692b24b2d4

C:\Users\Admin\AppData\Local\Temp\_MEI41882\unicodedata.pyd

MD5 c184941d097bf03782cc74b785e6dada
SHA1 c4ca2607047ef69e0cff516d38c4147087f45b02
SHA256 95c2e7b6bb25a0beb8a5c0376ceed33098d9991cda0414f844f5b9b506167891
SHA512 1c284dbff3ddfc76af8a649d237f90e87a9ecd7e36783626ebff7fca1cf1532b6b455372445b29352bc12df23a2e095f994f0ca454877f9ea38558875c314137

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_queue.pyd

MD5 4f38eb31e85412b5bb3cc955f7a83cfb
SHA1 5752194a2987b795636e708bae7d436e064790ec
SHA256 326f00f00dabf86b33325b8f6344a141aefb2a56ba5c173d2efe175efa72058b
SHA512 814f7904ec79ca03750fc57b64329c8ef4c3fe3648f65b63ec103b21a07278f038e8b786559085b612abd442d67493681e3bf8f6a6ab18c2b112b67a9e327f37

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_socket.pyd

MD5 86d72934a494121978ef74c8b8aca5a4
SHA1 3c15697eee23365722f79d70710ac0a1ba5de6e1
SHA256 24657ecfde063412c941aaa6a085341d45ecf4c0153b37b7476459835ccb3cbb
SHA512 b7e720d4801690b6c610726046070b8a761113c30a14d6c54205f3ea5ae273494fa28b1fe57c33e196b71d7b2c1be28a3acbf5a3337cad0e9e4216918d8487e7

C:\Users\Admin\AppData\Local\Temp\_MEI41882\select.pyd

MD5 91ce806fb378ca8e5752aefeb5775da8
SHA1 5d18e0120b181f56562c228a360283fed1071d1f
SHA256 715b9028dbd2faef7a084b8919086fe258b5069f295655deae5dff95f6cb23f6
SHA512 ef557947653936f1dc9e68730d7edba420a2b7011c85fa55446c31f60e1af3732aa312fee91d72c39223d008d0231047d55d77e649ed1e6a09de663b78246fd7

C:\Users\Admin\AppData\Local\Temp\_MEI41882\libcrypto-1_1.dll

MD5 25c4ebe7eb728eb40f9f9857849abad9
SHA1 d907b46d6b5924a4d887438583145b8d2edda10c
SHA256 ee585c57129d29c67d1f038ca35113ce34319bff1e8e163588e394dd096cd04a
SHA512 9f43ac67d873d28415ce4bb6d5823f361c31a018e3a4d56f191f9c2503ea0e41a8c3b7ca7860bd1abc013e3827ec2d47d9577ddbc128e10a1c2ac78615f7c8a9

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_hashlib.pyd

MD5 d7fb745382c6356cb58a865b7868a87f
SHA1 c05940c7e57e7e1c8e031d1644cd91f507adf5e1
SHA256 a5ced194f4a143e6f517c22e6a1edbabca0d875243845bc57a87c2d70c07f23d
SHA512 1a19293c041811a72dbc88807aaa6a396600732f716ccbb2d976850c01f69d1ddeb5101e56c9b92fbb02496481e9da3fcc47af96bf8e9102477f9f28386f94c4

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_ssl.pyd

MD5 6e8d415d50d8292dbfb479447ac09c27
SHA1 cb2154d70a5cb9a875309e0860b82a825c6416f0
SHA256 5b616af730aa15a75558afa50e725c7d4d4e5b22bbffd348df2239425cfeadd0
SHA512 a8196e2536a3c733b59fa11da10f85eda0d2c50deb246d895fccbcb7f8e33c7aa11928ce8264eabaf0e9c761f5b11c7e65cb4ec503c0338c90e1d7180f7c0bac

C:\Users\Admin\AppData\Local\Temp\_MEI41882\libssl-1_1.dll

MD5 a11c90defa3969b20b8730450447636c
SHA1 05ec6e2fae9ad1d8446341f0e87d2d0fd7398bf0
SHA256 5b24d33ef69546a929b021738018c55ee6cea62b3ddd8d69a78dcad4dc5c6255
SHA512 d1d1469ed7280b66f9fbd1fae9d1bdc91be8b7a7f2340a4e6163da33f0a4a13043b6f4f5c6eb30bdc164991c16bcec0872e66c9843cc38ddc982e49c41e8cc3b

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_bz2.pyd

MD5 2dd25ac2510c5640169d89ee220e748e
SHA1 38fd561088e61e4dbb97a026bfee8fbf6533250e
SHA256 f5086031019c5e03afcfee227c4d30e82b68c24f5a5871640c3e8682852d9a54
SHA512 e4fab2e20031dec366c113fe10ff81d759a2a1837cd1ee2598bb6c1107cb16a6db13501b69e80ee08e61005020b557221f858b690e2a3bab13a94fb04f87ef62

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_lzma.pyd

MD5 3f9883975873f598093f33164be01fbc
SHA1 851b304266d19ec89193ade145e7aa7094cb9217
SHA256 1afb4acf310dc86ab032cf27fb59c468ca7e65448b899dc31d5a53317d5bc831
SHA512 a0613ed7bbab49a8da297d4947d5595c0637df1186834e19db8bc800d2f01bc1f8531e20921093778e1006edcf6705d9e49751106552520c0dd001c66a5dfc6c