Malware Analysis Report

2025-08-05 16:01

Sample ID 240526-mremjsgb65
Target a9684e4a138c1ce74372fc719043c220_NeikiAnalytics.exe
SHA256 e314bbd9f2ab114b8184a6d7dfd1b0256af86ac6c47bfc958e088df0f76677f8
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

e314bbd9f2ab114b8184a6d7dfd1b0256af86ac6c47bfc958e088df0f76677f8

Threat Level: Shows suspicious behavior

The file a9684e4a138c1ce74372fc719043c220_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-26 10:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 10:41

Reported

2024-05-26 10:44

Platform

win7-20240508-en

Max time kernel

120s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a9684e4a138c1ce74372fc719043c220_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a9684e4a138c1ce74372fc719043c220_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a9684e4a138c1ce74372fc719043c220_NeikiAnalytics.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c [email protected]

C:\Users\Admin\AppData\Local\Temp\[email protected]

[email protected]

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\[email protected]

MD5 a8bfedbf435b165d80ff5fdfde1df9de
SHA1 fa0777769e69c6576dde6823ba5881888f239be5
SHA256 a11ccbe8ca58b88eb3a727763c63858fea7cfa0bf3c69bf5262f672417600096
SHA512 751916b87c7efb038d557e2688b0e33d498517bdb27fd5a7ded34cfb60605cc115df3cf66379fc9446597c783a023cc53fc2d321ddf9460612945ece1540f83b

memory/2088-7-0x0000000000400000-0x000000000041B000-memory.dmp

memory/848-8-0x0000000000400000-0x000000000041B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 10:41

Reported

2024-05-26 10:44

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a9684e4a138c1ce74372fc719043c220_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a9684e4a138c1ce74372fc719043c220_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a9684e4a138c1ce74372fc719043c220_NeikiAnalytics.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c [email protected]

C:\Users\Admin\AppData\Local\Temp\[email protected]

[email protected]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4232 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.180.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\[email protected]

MD5 a8bfedbf435b165d80ff5fdfde1df9de
SHA1 fa0777769e69c6576dde6823ba5881888f239be5
SHA256 a11ccbe8ca58b88eb3a727763c63858fea7cfa0bf3c69bf5262f672417600096
SHA512 751916b87c7efb038d557e2688b0e33d498517bdb27fd5a7ded34cfb60605cc115df3cf66379fc9446597c783a023cc53fc2d321ddf9460612945ece1540f83b

memory/4192-5-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4664-6-0x0000000000400000-0x000000000041B000-memory.dmp