Malware Analysis Report

2025-04-14 00:39

Sample ID 240530-rk197acd86
Target e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe
SHA256 59bc4e65a020ac9c2aa796197011e5d2e66480a270346cb8f37fed09b357ce15
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

59bc4e65a020ac9c2aa796197011e5d2e66480a270346cb8f37fed09b357ce15

Threat Level: Shows suspicious behavior

The file e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe was classified as showing suspicious behavior (score 7/10).

Malicious Activity Summary


Deletes itself

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious behavior: RenamesItself

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 14:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 14:15

Reported

2024-05-30 14:18

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe

Network

N/A

Files

memory/3016-0-0x0000000000400000-0x000000000042F000-memory.dmp

memory/3016-1-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe

MD5 4bf87fb939a03a58d1363a3ca8eb1a48
SHA1 10e41bd64620529deb19b570f58efc6005382c79
SHA256 f273b1296c6ba4ec89beeb2c95d8624645a6e41fba4adf56138cec1393eb3f6d
SHA512 6da4a9136249830337d6f391596e37956a861905afad4369ef9ee840f772d3711a4e436fca06dcf472b015a029e3536bfdead82b6b2b6db3b19186870fa50f8f

memory/3016-14-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3016-15-0x0000000000190000-0x00000000001BF000-memory.dmp

memory/2992-17-0x0000000000400000-0x000000000042F000-memory.dmp

memory/3016-9-0x0000000000140000-0x000000000016F000-memory.dmp

memory/2992-29-0x00000000001A0000-0x00000000001BB000-memory.dmp

memory/2992-28-0x0000000000140000-0x000000000016F000-memory.dmp

memory/2992-23-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 14:15

Reported

2024-05-30 14:18

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.107.98:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 98.107.17.2.in-addr.arpa udp
BE 2.17.107.98:443 www.bing.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/2740-0-0x0000000000400000-0x000000000042F000-memory.dmp

memory/2740-1-0x00000000000F0000-0x000000000011F000-memory.dmp

memory/2740-2-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2740-13-0x0000000000400000-0x000000000041B000-memory.dmp

memory/228-14-0x0000000000400000-0x000000000042F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe

MD5 b10a28c44a9c25782d6f2f8eda215af0
SHA1 eed3bb4811aa457a94c306f8154b9085ecb8cd2d
SHA256 0d59b49d427d731830a839d6ae8ccb37b63ffcdf9712aa156f12312f6e73847f
SHA512 a6d99fd132a568e6180713288c765196195caa14ce3735d22abaa56629e1bee6910c1d11aa0adc83b024548a579cb42ae83e72403b270e86244fd67d224679fb

memory/228-20-0x0000000001430000-0x000000000145F000-memory.dmp

memory/228-21-0x0000000000400000-0x000000000040E000-memory.dmp

memory/228-26-0x00000000014F0000-0x000000000150B000-memory.dmp
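Added example, not part of the sandbox report: a small script that derives two of the indicators listed in the Analysis Overview ("Suspicious use of UnmapMainImage" and "Deletes itself" / "RenamesItself") from the data the report already exposes in the behavioral1 and behavioral2 Files sections. The dump lists and hashes below are copied from those sections; the dump-name layout `memory/<pid>-<seq>-<start>-<end>-memory.dmp`, the assumption that `<seq>` increases with time, and the choice of 0x400000 as the sample's image base are my assumptions, not something the report states. A size change at the image base is a heuristic for a process whose original section was unmapped and replaced (the behaviour the UnmapMainImage signature names); the sandbox's own signature remains the authoritative event.

```python
"""Derive host-based indicators from a sandbox report's Files section.

Example code written for this page; not the sandbox's own code.
Assumptions (mine): dump names look like
memory/<pid>-<seq>-<start>-<end>-memory.dmp, <seq> grows over time,
and 0x400000 is the preferred image base of the submitted PE.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)
IMAGE_BASE = 0x400000  # assumed image base of the sample


def parse_dumps(names):
    """Return (pid, seq, start, end) tuples sorted by pid then seq.

    On-disk file paths mixed into the Files list are skipped.
    """
    out = []
    for n in names:
        m = DUMP_RE.fullmatch(n.strip())
        if not m:
            continue
        out.append((int(m["pid"]), int(m["seq"]),
                    int(m["start"], 16), int(m["end"], 16)))
    return sorted(out)


def image_base_history(names):
    """Map pid -> ordered list of region sizes observed at IMAGE_BASE."""
    hist = defaultdict(list)
    for pid, _seq, start, end in parse_dumps(names):
        if start == IMAGE_BASE:
            hist[pid].append(end - start)
    return dict(hist)


def hollowing_candidates(names):
    """PIDs whose mapping at IMAGE_BASE changed size between dumps.

    A mapped PE keeps its SizeOfImage; a different size at the same base
    inside one process means the original image was unmapped and another
    image mapped in its place. Heuristic only: returns {pid: [sizes]}.
    """
    return {pid: sizes for pid, sizes in image_base_history(names).items()
            if len(set(sizes)) > 1}


def self_replaced(submitted_sha256, on_disk_sha256):
    """True when the file at the sample's own path no longer matches the sample."""
    return submitted_sha256.lower() != on_disk_sha256.lower()


# Dump names copied from the report's behavioral1 Files section.
BEHAVIORAL1 = [
    "memory/3016-0-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/3016-1-0x0000000000400000-0x000000000041B000-memory.dmp",
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\e1e68eaf707b6522fcbec1a74a4de7d0_NeikiAnalytics.exe",
    "memory/3016-14-0x0000000000400000-0x000000000041B000-memory.dmp",
    "memory/3016-15-0x0000000000190000-0x00000000001BF000-memory.dmp",
    "memory/2992-17-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/3016-9-0x0000000000140000-0x000000000016F000-memory.dmp",
    "memory/2992-29-0x00000000001A0000-0x00000000001BB000-memory.dmp",
    "memory/2992-28-0x0000000000140000-0x000000000016F000-memory.dmp",
    "memory/2992-23-0x0000000000400000-0x000000000040E000-memory.dmp",
]

# Dump names copied from the report's behavioral2 Files section.
BEHAVIORAL2 = [
    "memory/2740-0-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/2740-1-0x00000000000F0000-0x000000000011F000-memory.dmp",
    "memory/2740-2-0x0000000000400000-0x000000000041B000-memory.dmp",
    "memory/2740-13-0x0000000000400000-0x000000000041B000-memory.dmp",
    "memory/228-14-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/228-20-0x0000000001430000-0x000000000145F000-memory.dmp",
    "memory/228-21-0x0000000000400000-0x000000000040E000-memory.dmp",
    "memory/228-26-0x00000000014F0000-0x000000000150B000-memory.dmp",
]

# Hashes copied from the report: the submitted sample and the file found
# afterwards at the sample's own path in each run.
SUBMITTED_SHA256 = "59bc4e65a020ac9c2aa796197011e5d2e66480a270346cb8f37fed09b357ce15"
ON_DISK_SHA256 = {
    "behavioral1": "f273b1296c6ba4ec89beeb2c95d8624645a6e41fba4adf56138cec1393eb3f6d",
    "behavioral2": "0d59b49d427d731830a839d6ae8ccb37b63ffcdf9712aa156f12312f6e73847f",
}

if __name__ == "__main__":
    for run, dumps in (("behavioral1", BEHAVIORAL1), ("behavioral2", BEHAVIORAL2)):
        for pid, sizes in hollowing_candidates(dumps).items():
            print(f"{run}: pid {pid} image at {IMAGE_BASE:#x} resized "
                  + " -> ".join(f"{s:#x}" for s in sizes))
        print(f"{run}: file at sample path replaced:",
              self_replaced(SUBMITTED_SHA256, ON_DISK_SHA256[run]))
```

In both runs the parent (3016 on Windows 7, 2740 on Windows 10) and the child it spawns (2992 and 228) show the same pattern: a 0x2F000-byte image at 0x400000 followed by a smaller one at the same base, which is what a self-unmapping and re-mapping loader looks like in the dump sequence. The on-disk file at the sample's path hashes differently from the submitted sample in both runs, matching the "Deletes itself" and "RenamesItself" signatures rather than a simple in-place execution.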