Malware Analysis Report

2025-06-16 07:04

Sample ID: 240531-stw79sce31
Target: f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe
SHA256: 8feab64c71cea8d5fe6631fb8cdac34e5342eb4770f6be5df9d8068f268b28cb
Tags:
Score: 7/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: 8feab64c71cea8d5fe6631fb8cdac34e5342eb4770f6be5df9d8068f268b28cb

Threat Level: Shows suspicious behavior

The file f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe was found to show suspicious behavior.

Malicious Activity Summary

Deletes itself

Executes dropped EXE

Loads dropped DLL

Program crash

Unsigned PE

Suspicious behavior: RenamesItself

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-31 15:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-31 15:25
Reported: 2024-05-31 15:28
Platform: win7-20240221-en
Max time kernel: 117s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe

Network

N/A

Files

memory/1984-0-0x0000000000400000-0x0000000000442000-memory.dmp

\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe

MD5 ab6e781a0a3d12f5eefffdec812aacb5
SHA1 7b3b4f355728b1671b6d1dc61ce2ce79e5786e27
SHA256 daaf5e74640d07a52f92e7c7fb7df2082d56061d0c2f8c005ed0dae3886a6077
SHA512 4793e8ef29e57c1c5427fa46a378b876349229782c14a215f47bc6fa9dc3dde2d78436c59a10d6ee4e60da2bd7a867c43bc6fb5594a2b27b7d91f0d534d73881

memory/1984-5-0x0000000000130000-0x0000000000172000-memory.dmp

memory/1984-10-0x0000000000400000-0x0000000000442000-memory.dmp

memory/2308-11-0x0000000000400000-0x0000000000442000-memory.dmp

memory/2308-13-0x0000000000400000-0x000000000041A000-memory.dmp

memory/2308-17-0x0000000000180000-0x00000000001C2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-31 15:25
Reported: 2024-05-31 15:28
Platform: win10v2004-20240508-en
Max time kernel: 140s
Max time network: 142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4620 -ip 4620

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 396

C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2612 -ip 2612

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4472,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8

Network

Country  Destination         Domain                        Proto
US       8.8.8.8:53          8.8.8.8.in-addr.arpa          udp
US       8.8.8.8:53          100.58.20.217.in-addr.arpa    udp
US       8.8.8.8:53          241.150.49.20.in-addr.arpa    udp
US       8.8.8.8:53          71.31.126.40.in-addr.arpa     udp
NL       23.62.61.129:443    www.bing.com                  tcp
US       8.8.8.8:53          217.106.137.52.in-addr.arpa   udp
US       8.8.8.8:53          129.61.62.23.in-addr.arpa     udp
US       8.8.8.8:53          205.47.74.20.in-addr.arpa     udp
US       8.8.8.8:53          58.55.71.13.in-addr.arpa      udp
US       8.8.8.8:53          103.169.127.40.in-addr.arpa   udp
US       8.8.8.8:53          198.187.3.20.in-addr.arpa     udp
US       8.8.8.8:53          23.236.111.52.in-addr.arpa    udp
US       8.8.8.8:53          80.90.14.23.in-addr.arpa      udp
US       8.8.8.8:53          91.90.14.23.in-addr.arpa      udp
US       8.8.8.8:53          tse1.mm.bing.net              udp
US       204.79.197.200:443  tse1.mm.bing.net              tcp
US       204.79.197.200:443  tse1.mm.bing.net              tcp
US       204.79.197.200:443  tse1.mm.bing.net              tcp
US       204.79.197.200:443  tse1.mm.bing.net              tcp
US       8.8.8.8:53          26.35.223.20.in-addr.arpa     udp
US       8.8.8.8:53          200.197.79.204.in-addr.arpa   udp
US       8.8.8.8:53          89.16.208.104.in-addr.arpa    udp

Files

memory/4620-0-0x0000000000400000-0x0000000000442000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\f80a4766450ad900ae2eafa281ff7490_NeikiAnalytics.exe

MD5 11902060623bded7f8a95ad72c8bd046
SHA1 d02d19f648695937fa5177710756448c99d8e52c
SHA256 25d36f6fe4867460aad7343456e93b4d306c914184e5a0144eb33d87c147e7b3
SHA512 0ee0273277a94175e6a6aac9fd925b6e87427524faf69b7ed63255d3d8a0e10e1837df2b20057433efa42c1cfdf2b463aff81c3f335cb0cd6eba34415aa57f65

memory/2612-7-0x0000000000400000-0x0000000000442000-memory.dmp

memory/4620-6-0x0000000000400000-0x0000000000442000-memory.dmp

memory/2612-8-0x0000000000400000-0x000000000041A000-memory.dmp

memory/2612-13-0x0000000001510000-0x0000000001552000-memory.dmp