Malware Analysis Report

2025-06-16 07:09

Sample ID 240602-bdqxwadc7y
Target 187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe
SHA256 93d9183084538d1eaefa2f0914467c25768b24910c42a7dbd99020898adf0b81
Tags
persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

93d9183084538d1eaefa2f0914467c25768b24910c42a7dbd99020898adf0b81

Threat Level: Shows suspicious behavior

The file 187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe was classified as showing suspicious behavior (score 7/10): an unsigned PE that drops a second executable into a freshly created directory under the drive root, executes it, and registers it under the current user's Run and RunOnce keys so it survives logoff. No network activity attributable to the sample's processes was recorded in either detonation.

Malicious Activity Summary

persistence

Loads dropped DLL (behavioral1 / Win7 run only)

Executes dropped EXE (both detonations)

Adds Run key to start application (both detonations; HKCU Run and RunOnce values, both named "Parametr")

Unsigned PE (static1)

Suspicious use of WriteProcessMemory (listed in the summary only; neither behavioral analysis below carries a signature table for it)

Suspicious behavior: EnumeratesProcesses (both detonations)

MITRE ATT&CK

Persistence: T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (from the "Adds Run key to start application" signature in both behavioral analyses).

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:01

Reported

2024-06-02 01:04

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\FilesWQ\aoptiec.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesWQ\\aoptiec.exe" C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidMP\\dobxloc.exe" C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Hits
N/A N/A C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe N/A 34
N/A N/A C:\FilesWQ\aoptiec.exe N/A 30

Hits counts repeated signature rows for the same process.

Processes

C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe"

C:\FilesWQ\aoptiec.exe

C:\FilesWQ\aoptiec.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

None of these flows is attributed to the sample or its dropped executable in this report, and the Win7 detonation (behavioral1) recorded no network activity at all. The in-addr.arpa reverse lookups and the tse1.mm.bing.net connections are consistent with background traffic from the Windows 10 image itself and should not be treated as C2 indicators for this sample.

Files

C:\FilesWQ\aoptiec.exe

MD5 684ca3a59a619e42a32e6c2ae33c7bb1
SHA1 12441ce9422a231c842f10331ae178d54dcaeb17
SHA256 6a8ac606eeb7332c7230544130406ecac67cecbc06cd6b3d122e36e7d20974e1
SHA512 9ca94fec2a6ec8c949c8f85151fc60d6b4c5587e499bd817fff3a7c75f5cbd248d8639e6de787707206233961d44685cfe1046d2c0716acd84be4f320ce76611

C:\Users\Admin\253086396416_10.0_Admin.ini

(The file name embeds the Windows version, 10.0 here and 6.1 in the Win7 run below, and the logged-on user name, so the sample records host details in the user profile; the numeric prefix is the same in both runs.)

MD5 196068cb210e635c44dfa63cb8590f74
SHA1 384f7634fd7a3a40800d987f3a1119c21ee92538
SHA256 f2a877a40d9c767c07f117d6a326c9278d961ff871a955d407abcb78946e042a
SHA512 33b65a30d299f21c71ded076d75d7fc37decff94f18eb5ee4eb6138a2fbaeb773505f915f9790490945b64d3a6994f12ada7193863a0401b8bbdefe2484b10ef

C:\VidMP\dobxloc.exe

MD5 314114e52316a1a85265da9c40fbc967
SHA1 0b4e102bafb9d477b965becb428f9dd788b12d9a
SHA256 9b8ae7bf2c86ca523618243d07ae002e3a246583d1155405b0727086dba96ae6
SHA512 3f74eb27d4ac18a890c9765d9b04d03ef8bc0952771a543192a2f001496c7892ea16c4c1b5129d5aa87a9379d24b3fd9df3eb1642e865a8a60dbccbb15dc434e

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:01

Reported

2024-06-02 01:04

Platform

win7-20240419-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\IntelprocZA\devbodsys.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocZA\\devbodsys.exe" C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxOH\\optidevsys.exe" C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe N/A
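Both detonations show the same persistence pattern: the sample, running from %TEMP%, sets HKCU ...\CurrentVersion\Run\Parametr to a dropped executable in a freshly created directory directly under C:\ (C:\FilesWQ\ on Win10, C:\IntelprocZA\ on Win7) and RunOnce\Parametr to a second dropped executable (C:\VidMP\dobxloc.exe, C:\GalaxOH\optidevsys.exe) that appears in the file list but never in the process list. The directory names change between runs, so they make poor indicators; the value name, the writer's location, the root-level target directory and the never-executed RunOnce target are the stable pivots. The detection logic below is an added example written for this page, not code from the sandbox vendor or from the report. It runs over constructed Sysmon-style events (EventID 1 process create, 11 file create, 13 registry SetValue) modelled on the behavioral2 run; the field names follow Sysmon's schema, the benign OneDrive control event is invented, and the EVENTS list is not real telemetry.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed events modelled on the behavioral2 detonation in the report above.
# Not real telemetry; the OneDrive rows are an invented benign control.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe"
SID = "S-1-5-21-1337824034-2731376981-3755436523-1000"
CURVER = "HKU\\" + SID + r"\SOFTWARE\Microsoft\Windows\CurrentVersion"
EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": r"C:\FilesWQ\aoptiec.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": r"C:\VidMP\dobxloc.exe"},
    {"EventID": 13, "Image": SAMPLE, "EventType": "SetValue",
     "TargetObject": CURVER + r"\Run\Parametr", "Details": r"C:\FilesWQ\aoptiec.exe"},
    {"EventID": 13, "Image": SAMPLE, "EventType": "SetValue",
     "TargetObject": CURVER + r"\RunOnce\Parametr", "Details": r"C:\VidMP\dobxloc.exe"},
    {"EventID": 1, "Image": r"C:\FilesWQ\aoptiec.exe", "ParentImage": SAMPLE},
    # Benign control: an installer in the user profile registering its own autorun.
    {"EventID": 13, "Image": r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveSetup.exe",
     "EventType": "SetValue", "TargetObject": CURVER + r"\Run\OneDrive",
     "Details": r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]

# Case-insensitive: the Win10 run writes SOFTWARE, the Win7 run writes Software.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$", re.I)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
# Directories that legitimately sit directly under the drive root.
KNOWN_ROOT_DIRS = {"windows", "program files", "program files (x86)", "programdata", "users", "perflogs"}


def first_token(cmd: str) -> str:
    """Return the executable path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def in_fresh_root_dir(path: str) -> bool:
    """True for C:\\<dir>\\x.exe where <dir> is not a standard top-level folder."""
    p = PureWindowsPath(path)
    parts = p.parts  # e.g. ('C:\\', 'FilesWQ', 'aoptiec.exe')
    return len(parts) == 3 and parts[1].lower() not in KNOWN_ROOT_DIRS and p.suffix.lower() == ".exe"


@dataclass
class Finding:
    reasons: str
    key: str
    target: str
    writer: str


def detect(events):
    """Flag Run/RunOnce writes matching the persistence pattern seen in this sample."""
    started = {e["Image"].lower() for e in events if e["EventID"] == 1}
    created = {e["TargetFilename"].lower() for e in events if e["EventID"] == 11}
    findings = []
    for e in events:
        if e["EventID"] != 13 or e.get("EventType") != "SetValue":
            continue
        m = RUN_KEY_RE.search(e["TargetObject"])
        if not m:
            continue
        subkey, value_name = m.group(1), m.group(2)
        target = first_token(e["Details"])
        reasons = []
        if in_fresh_root_dir(target):
            reasons.append("autorun target in a non-standard directory directly under the drive root")
        if TEMP_RE.search(e["Image"]):
            reasons.append("autorun written by a process running from %TEMP%")
        if value_name.lower() == "parametr":
            reasons.append("value name 'Parametr' (used in both detonations of this sample)")
        if subkey.lower() == "runonce" and target.lower() in created and target.lower() not in started:
            reasons.append("RunOnce target was dropped but never executed (staged for next logon)")
        if reasons:
            findings.append(Finding("; ".join(reasons), e["TargetObject"], target, e["Image"]))
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f.key}\n  -> {f.target}\n  written by {f.writer}\n  {f.reasons}")
```

On real data, feed the same three event types from Sysmon or an EDR and keep the RunOnce correlation window to the logon session; a RunOnce value whose target exists on disk but has no process-create event is exactly what behavioral2 and behavioral1 show for dobxloc.exe and optidevsys.exe. The benign OneDrive row trips none of the four conditions, which is the point of keeping the root-directory check separate from a plain "any Run key write" rule.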

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Hits
N/A N/A C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe N/A 33
N/A N/A C:\IntelprocZA\devbodsys.exe N/A 31

Hits counts repeated signature rows for the same process.

Processes

C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\187d7125a1557a8d51f8ce5d46e93ec0_NeikiAnalytics.exe"

C:\IntelprocZA\devbodsys.exe

C:\IntelprocZA\devbodsys.exe

Network

N/A (no network traffic recorded in this detonation)

Files

\IntelprocZA\devbodsys.exe

MD5 49312c3df95a490723f83af865f67681
SHA1 bd83fbc295f7970bbfbc39de84dcf915918eaaaa
SHA256 bead5a2b2e4e03cb59c524e650edaddf4ee3c2f6a67d29ffbbcc30e6e5d5fe92
SHA512 46c2c33e0bcebbc8ee28b82f68767d61c5488b562f881ae87f36104b4e6912d822e4ace5bb709040fba1f99d7e72279fd452f155463858670eb04aa2589e8b32

C:\Users\Admin\253086396416_6.1_Admin.ini

MD5 6efc207ecbcf710553722d950c771e84
SHA1 bffd4a20bed594bc04568e6d5d86c45c5788b4cb
SHA256 fc6a986df83cbb5ab246a11e5660211c89ab2f65f829172d797609e199c15bd2
SHA512 14bc0e4c7d1e301149ee1ea28bcdd5055f43522d72087a1ec1975cd2a24adfaac21c5f02711f94fb11eab95888d3ee14781e86f8c01ef43d9e5f4726875ab925

C:\GalaxOH\optidevsys.exe

MD5 f84d2021b356535f6c475c8935ac2344
SHA1 c2614160139f7bfb92586b04c491539eff04f91b
SHA256 535ec41a53b90d2b02ac47e95f31048f687b41ac6eeaac6ef2175baf1c4a1045
SHA512 797ddf04a7c3d7e4d20c69114e6ae190cbd358f5a8caa8c0f1052d99cd890150d890f828a58c08156513819a96b74839aa8ad1f1d99fd33d4e314c36230dc0a9