Analysis Overview
SHA256
3be2fce58767c93e19dbbfe95e737389b08d874bdd6a293ad257158bc25ec756
Threat Level: Shows suspicious behavior
The file 5f6a5b4c9d9c879a2ec95020e8217e30_NeikiAnalytics.exe was classified as: shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Enumerates physical storage devices
NSIS installer
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 01:52
Signatures
NSIS installer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 01:52
Reported
2024-05-30 01:55
Platform
win7-20240215-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Loads dropped DLL
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\5f6a5b4c9d9c879a2ec95020e8217e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f6a5b4c9d9c879a2ec95020e8217e30_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wike.soso.com.shufaren.cn | udp |
Files
\Users\Admin\AppData\Local\Temp\nst146D.tmp\NSISdl.dll
| Hash | Value |
| --- | --- |
| MD5 | 254f13dfd61c5b7d2119eb2550491e1d |
| SHA1 | 5083f6804ee3475f3698ab9e68611b0128e22fd6 |
| SHA256 | fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28 |
| SHA512 | fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 01:52
Reported
2024-05-30 01:55
Platform
win10v2004-20240426-en
Max time kernel
93s
Max time network
96s
Command Line
Signatures
Loads dropped DLL
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\5f6a5b4c9d9c879a2ec95020e8217e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f6a5b4c9d9c879a2ec95020e8217e30_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wike.soso.com.shufaren.cn | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsz3877.tmp\NSISdl.dll
| Hash | Value |
| --- | --- |
| MD5 | 254f13dfd61c5b7d2119eb2550491e1d |
| SHA1 | 5083f6804ee3475f3698ab9e68611b0128e22fd6 |
| SHA256 | fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28 |
| SHA512 | fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7 |