Analysis Overview
SHA256
ca2c354a5f2e8dc4e7f574f21944a2cb897c968f21fcb8ace7d6b4cc5f5b3b1f
Threat Level: Likely benign
The file 4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-29 09:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:33
Platform
win7-20240215-en
Max time kernel
147s
Max time network
122s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
| MD5 | 195bee2796f9640ad3c025877ac172e3 |
| SHA1 | 2ff2aee039d59582f61751b774ce01116487490c |
| SHA256 | ad988a6e626f10fa54f3ff045cfb368b57667304f1bf45f9c1b8f33ae4897a00 |
| SHA512 | b0f02276ee61e577ebcaf7e811e51af211c2e4b1269564ddef91fa600f0a66921d3997994258e37a00ff134467c44d90650d1b0962713fe19dab24296c4e7d2b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:33
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
103s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f443562d1b5feb0374463ceb408e070_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.144:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
| MD5 | a6655789a3f15c35875ba58781ccbfed |
| SHA1 | 50d8110e065547f86c4ef4d469d4ee1270905323 |
| SHA256 | 88df3d70a457b952895dbc2bf8cd7f3687204644a85b646dbd8fd2005c6df6dc |
| SHA512 | 4b5314016066f2dac7901691bcd0ae338e3b1b098f76f0fe999d2ff25664207786171a880b87f2624397deb2749e492540a85c9b19409d93f271637523d5da71 |