Malware Analysis Report

2025-08-05 15:49

Sample ID 240529-lg8xzaab7s
Target 4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe
SHA256 ca2c354a5f2e8dc4e7f574f21944a2cb897c968f21fcb8ace7d6b4cc5f5b3b1f
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

ca2c354a5f2e8dc4e7f574f21944a2cb897c968f21fcb8ace7d6b4cc5f5b3b1f

Threat Level: Likely benign

The file 4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-29 09:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 09:31

Reported

2024-05-29 09:33

Platform

win7-20240215-en

Max time kernel

147s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe

MD5 195bee2796f9640ad3c025877ac172e3
SHA1 2ff2aee039d59582f61751b774ce01116487490c
SHA256 ad988a6e626f10fa54f3ff045cfb368b57667304f1bf45f9c1b8f33ae4897a00
SHA512 b0f02276ee61e577ebcaf7e811e51af211c2e4b1269564ddef91fa600f0a66921d3997994258e37a00ff134467c44d90650d1b0962713fe19dab24296c4e7d2b

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 09:31

Reported

2024-05-29 09:33

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
NL 23.62.61.144:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 144.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 150.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe

MD5 a6655789a3f15c35875ba58781ccbfed
SHA1 50d8110e065547f86c4ef4d469d4ee1270905323
SHA256 88df3d70a457b952895dbc2bf8cd7f3687204644a85b646dbd8fd2005c6df6dc
SHA512 4b5314016066f2dac7901691bcd0ae338e3b1b098f76f0fe999d2ff25664207786171a880b87f2624397deb2749e492540a85c9b19409d93f271637523d5da71