Analysis Overview
SHA256
b3266b445847ed5d3571cb5a99499df9622161d81aad9c0c739fdf093e2c436a
Threat Level: Shows suspicious behavior
The file 9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe was found to show suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 05:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 05:56
Reported
2024-06-03 05:58
Platform
win7-20240221-en
Max time kernel
131s
Max time network
144s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\¹¤¾ß.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe" | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System\½ØÍ¼ | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\System\½ØÆÁ | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\System\½ØÍ¼ | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\System\½ØÆÁ | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | smtp.QQ.com | udp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
Files
C:\Windows\system\½ØÆÁ
| MD5 | d28ef4d1d066def6aecf0eaf3a201ca8 |
| SHA1 | 720de6f226957770798896277f0e0bddeecd1659 |
| SHA256 | b92d29796b31ae84742ddcb6f630a5493d776452dd2e5b8558948f328593f8c7 |
| SHA512 | 5248efbbd208dee121c7219b9ea7d97327ea9af8ddca646fddde4164184d34c3d82fba6584877cce7bef3e73edf107068bf4c7c6726a54e5494520e6611266aa |
C:\Windows\system\½ØÍ¼
| MD5 | 3db6d0732b83d0015646b90ca9a1cf82 |
| SHA1 | 460eb3983d4939c06b5d8624e302caf211cd86ee |
| SHA256 | e4f69a83df6dad5554d81f54826a1d3dee0d70b6f3b5198b330c759373539a28 |
| SHA512 | c917b0ca82d99589fd53f59bae0e8b769232cf116a0090acd9710f2bbd3a1131955654432f22afa08ef1d0fe02244eff81aae35c7c49eb3d93c5774a79e8cdec |
C:\t23k.e
| MD5 | 8a92b85e2e522334bc33a6bcafa0d50b |
| SHA1 | e5dc1f1454a4c755503ccf2b37c279cdb8e8dbc5 |
| SHA256 | 4557b5835b889db54607441e5f1adc1e7d6f42f9414de83a78c07488512c8ec7 |
| SHA512 | 4fd2d8488e74d470ce6767feec0272d70523397456d9ac6302b67392fa8bf371786086aa6ffb53d7e356a1c11bcb72788e09ffa058cfaa96eedfb39206ec3f6c |
C:\t23k.d
| MD5 | ab2719a4c20cc7a28eb6843dd735a0d7 |
| SHA1 | 185a302ad82348f9bba3872dafa6c5c362465211 |
| SHA256 | ed3b5a57e0a01951d3350446756f0f27deb05677aa75edf3b4ad3e68fe57c74d |
| SHA512 | d1dc082a4e219e87cb702147470af4d32d2a21e48686ce9d7fa49c9f4a08c296815243b5097d6f15444acf521bce0d534502a3b8cd887fa86c4c584633b6cc71 |
C:\t23k.c
| MD5 | c38b8999f30e38d08f8d3981c5c16592 |
| SHA1 | 55ddd8181a77d917937fb40353a9726b5fde77ee |
| SHA256 | a45b7746ce6dc3f92057f5a4c24a41e59cb6c2c8026fb2e88a7d42c04efb48d6 |
| SHA512 | d45f8278c8fcd362d46a18e3b35e8190c0cc058596f6005fb54fa1c8f995f22ab8ec027348a1317a27ceeccffc4e8e0b3857ee56af0b2c7e055bfae2bac9fa6a |
C:\Windows\system\½ØÍ¼
| MD5 | 6894e9e7e3952b0451e136265d613ea4 |
| SHA1 | 2e564cfa29755b7b5b879c6e40fee93cb2fe9874 |
| SHA256 | a63ffbd1271ab77697c4f138614dd7e695c14a81879c4483c3f9c5de4bf3b78b |
| SHA512 | 4f0bd6ae604ad380f21e5d74b3081b94d8f45b4c9734b5c4f8ee74aa1d16785fc6c27fe5bfe13604532ce0945293b5441f02e036ff439c4655583e9ac2b3d23d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 05:56
Reported
2024-06-03 05:58
Platform
win10v2004-20240226-en
Max time kernel
140s
Max time network
161s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\¹¤¾ß.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe" | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System\½ØÆÁ | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\System\½ØÍ¼ | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\System\½ØÆÁ | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\System\½ØÍ¼ | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9dd1c24b524f566c9899bf128d5bde50_NeikiAnalytics.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | smtp.QQ.com | udp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| GB | 96.16.110.114:80 | N/A | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 13.107.253.64:443 | N/A | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| NL | 52.142.223.178:80 | N/A | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| HK | 43.129.255.54:25 | smtp.QQ.com | tcp |
| US | 8.8.8.8:53 | 41.173.79.40.in-addr.arpa | udp |
Files
C:\Windows\System\½ØÆÁ
| MD5 | 2d86e90c8077c7c810045f96fe8972e0 |
| SHA1 | d4dfe7859823ee4219450fba7c4d074b01d1e29b |
| SHA256 | 9b6ae565e235738cb64aec55a2b79af7b1b2d8933da3e2ce275182ce0332bee4 |
| SHA512 | a34a0b287a7bcfd77d79a614bf6ab6a41d69ff744a20147b447a11c2a692321262cf53f2681082b75112fd87844ee6034944cdb9c8d7ec38b68e0d062f9664f1 |
C:\Windows\System\½ØÍ¼
| MD5 | b65d2ba5e50d037a38543ef90633e2d0 |
| SHA1 | e23a73d98ae4b0b9ec6e63fbe97ac7efc227e235 |
| SHA256 | 012f106a4d5cce1bcc58ac86641429a85ca43395660043deb349e1e0931ca263 |
| SHA512 | a6354752eb84ee786c57d6078845aa1f5bf59afc328614f7b568b83845a183c58077b369dc18087f4a4a654d68fd39a61855c7775ca7528b388b7ebbdadeea4a |
C:\t4uo.e
| MD5 | cbc42ac6cfa38f069546db6ed4556698 |
| SHA1 | cdf072713888da589831fc2486d09dcdc23a76dd |
| SHA256 | 017f5a37c733d1311e1435177c76e71cb1c66634881f18d5156e992f59e8739d |
| SHA512 | f3c0345a95801e30b43ad2124391400d68eefb28816148ae6a7bbf9dbcca40ddbfeb16c8c89d53d34015652b7992d74b4a4d8783b002c32e466af40802652dab |
C:\t4uo.d
| MD5 | ba2e8dd3d9ad4add44e918ac69ee1c09 |
| SHA1 | d01ad0acb946071ce7b9b7bfc22adb4f031ce5d3 |
| SHA256 | 7d9c085d259b1149d2e856a024a15122642e1b4a840dd8156a9689524b451326 |
| SHA512 | 0c805bbffc991f2ab9a941cd387550bb2048521c990c658c3f0e41d473430737aa4d82c54d1e4e2747b233cb46da9e09a45335cf8654fef1cd21c0c9e6d9a51b |
C:\t4uo.c
| MD5 | bd60be048650b193b5259cc9b9a46fe2 |
| SHA1 | 5a7e7c63373249e016dfa44fdb0789ac8092f910 |
| SHA256 | 97110deded06d332e1e892d8353387498a15c3769173470e56978bb106d60b0a |
| SHA512 | d444638fca9fc8feabb6b5b963133e7e299a3c0620b672a0d8a4350bc79eb0f7d94666b17f334903a1ee4b72fabc627247c99715c08827e4cf91b0c86c6031b0 |