Malware Analysis Report

2025-01-17 23:17

Sample ID 240603-p62rqsfb6z
Target a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe
SHA256 12d002845d95604d1b26caa65de20bc799daf239bdd3a796c187b752cab7d010
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

12d002845d95604d1b26caa65de20bc799daf239bdd3a796c187b752cab7d010

Threat Level: Shows suspicious behavior

The file a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe shows suspicious behavior: it writes an unsigned PE to the user's Temp directory and executes it via cmd.exe /c (see the process trees in behavioral1 and behavioral2 below).

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:57

Signatures

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

(Static analysis records the Unsigned PE signature only; no per-indicator detail was attached to it.)

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:57

Reported

2024-06-03 12:59

Platform

win7-20240508-en

Max time kernel

120s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe"

Signatures

Not itemised per run in this report; see the Malicious Activity Summary above.

Processes

Each entry is the image path that ran, followed by its command line (nesting inferred from the command lines):

C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe"

  C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c [email protected]

    C:\Users\Admin\AppData\Local\Temp\[email protected]
      [email protected]

The sample launches cmd.exe with /c to start the file it dropped in its own Temp directory, and that file runs as a third process. Note that cmd.exe was requested as C:\Windows\system32\cmd.exe but the image that ran is C:\Windows\SysWOW64\cmd.exe: that is WoW64 file-system redirection, so the sample is a 32-bit process (consistent with the 0x00400000 image base in the memory dumps below).

Network

N/A: no DNS queries or connections were recorded in this run.

Files

\Users\Admin\AppData\Local\Temp\[email protected]

MD5     65b4652c2300b626d6ff1561ba52ec89
SHA1    2262dee1193f657401b01b99ee8c29d94daebe64
SHA256  6ba01faae5505f7baf5e6e1e8acc5ab7da2cb1644050c6009954fae7b819b9a4
SHA512  2f0682e9c32d0e3d125ecffe2a73e54a5e0106205f21f41c8d043ada7ce251f5450b075e1e0f0a4381b64e4452c64a389716f15aa1eeeae23325eb0e8695ee05

Memory dumps (named <pid>-<index>-<start>-<end>):

memory/1452-8-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2064-7-0x0000000000400000-0x000000000041B000-memory.dmp

Both dumps cover the same 0x1B000-byte region at 0x00400000, the default image base of a 32-bit PE, taken from two different processes.

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:57

Reported

2024-06-03 12:59

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe"

Signatures

Not itemised per run in this report; see the Malicious Activity Summary above.

Processes

Each entry is the image path that ran, followed by its command line (nesting inferred from the command lines):

C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe"

  C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c [email protected]

    C:\Users\Admin\AppData\Local\Temp\[email protected]
      [email protected]

The same chain as in behavioral1: the sample drops a file into Temp and starts it through cmd.exe /c, again via the WoW64 (32-bit) copy of cmd.exe.
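The process trees of behavioral1 and behavioral2 both show the pattern the sandbox reports as "Executes dropped EXE": the sample writes a file into its own Temp directory, then uses cmd.exe /c to start it. The script below is an added example written for this report (it is not code from the sandbox or from the sample) that re-implements that check over process-creation and file-write events, and also flags cmd.exe used as a launcher for a Temp executable and the WoW64 redirection visible in the cmd.exe entry. The event records are constructed to mirror the report's tree: parent links, the write event and the cmd.exe pid are assumptions, and "dropped.exe" is a placeholder for the redacted dropped-file name.

```python
"""Flag an 'executes dropped EXE' chain in sandbox process and file events.

Added example for this report; not code from the sandbox or from the sample.
The events below are constructed to mirror the process tree in behavioral1
and behavioral2: parent links, the write event and the cmd.exe pid are
assumptions, and "dropped.exe" stands in for the redacted dropped-file name.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

TEMP = r"c:\users\admin\appdata\local\temp"


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str    # image path the loader actually mapped
    cmdline: str  # command line as the parent requested it


@dataclass(frozen=True)
class FileWrite:
    pid: int      # writing process
    path: str


def norm(path: str) -> str:
    """Lower-case a Windows path and undo WoW64 file-system redirection, so a
    requested C:\\Windows\\system32\\cmd.exe and the C:\\Windows\\SysWOW64\\cmd.exe
    mapped for a 32-bit parent compare equal."""
    p = ntpath.normpath(path.strip('"')).lower()
    return p.replace("\\syswow64\\", "\\system32\\")


def argv0(cmdline: str) -> str:
    """First token of a Windows command line, quoted or bare."""
    s = cmdline.lstrip()
    if s.startswith('"'):
        return s[1:s.index('"', 1)]
    return s.split(maxsplit=1)[0]


def cmd_target(cmdline: str) -> str | None:
    """For 'cmd.exe /c <target> ...' return <target>; None for other uses."""
    toks = cmdline.split()
    for i, tok in enumerate(toks):
        if tok.lower() == "/c" and i + 1 < len(toks):
            return toks[i + 1].strip('"')
    return None


def executes_dropped(procs: list[Proc], writes: list[FileWrite]) -> list[tuple[int, int, str]]:
    """(writer pid, executing pid, image) for every process whose image was
    written during the detonation by a different process: the sandbox's
    'Executes dropped EXE' signature."""
    written = {norm(w.path): w.pid for w in writes}
    return [(written[norm(p.image)], p.pid, p.image)
            for p in procs
            if norm(p.image) in written and written[norm(p.image)] != p.pid]


def cmd_launches_temp_exe(procs: list[Proc]) -> list[tuple[int, int, str]]:
    """(cmd pid, child pid, child image) where cmd.exe /c is used purely as a
    launcher for a child that runs from the user's Temp directory."""
    children: dict[int, list[Proc]] = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p)
    hits = []
    for p in procs:
        if ntpath.basename(norm(p.image)) != "cmd.exe":
            continue
        target = cmd_target(p.cmdline)
        if target is None:
            continue
        for child in children.get(p.pid, []):
            img = norm(child.image)
            if img.startswith(TEMP + "\\") and ntpath.basename(img) == target.lower():
                hits.append((p.pid, child.pid, child.image))
    return hits


def wow64_redirected(procs: list[Proc]) -> list[int]:
    """Pids whose requested argv[0] and mapped image differ only by WoW64
    redirection: the process (and so its parent) is 32-bit."""
    return [p.pid for p in procs
            if norm(argv0(p.cmdline)) == norm(p.image)
            and argv0(p.cmdline).lower() != p.image.lower()]


# Constructed events mirroring the report's process tree (see docstring).
# Pids 2064 and 1452 follow the memory-dump names; 2100 for cmd.exe is invented.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"  # placeholder for the redacted name
PROCS = [
    Proc(2064, 1000, SAMPLE, f'"{SAMPLE}"'),
    Proc(2100, 2064, r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\system32\cmd.exe /c dropped.exe"),
    Proc(1452, 2100, DROPPED, "dropped.exe"),
]
WRITES = [FileWrite(2064, DROPPED)]

if __name__ == "__main__":
    print("executes dropped EXE :", executes_dropped(PROCS, WRITES))
    print("cmd /c launches Temp :", cmd_launches_temp_exe(PROCS))
    print("WoW64-redirected pids:", wow64_redirected(PROCS))
```

The WoW64 normalisation in norm() matters for any rule that compares a requested path with the image that actually ran: without it, a 32-bit parent launching system32\cmd.exe looks like a path mismatch rather than the ordinary redirection it is.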

Network

Country  Destination  Domain                          Proto
US       8.8.8.8:53   196.249.167.52.in-addr.arpa     udp
US       8.8.8.8:53   172.210.232.199.in-addr.arpa    udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53   67.31.126.40.in-addr.arpa       udp
US       8.8.8.8:53   97.17.167.52.in-addr.arpa       udp
US       8.8.8.8:53   26.165.165.52.in-addr.arpa      udp
US       8.8.8.8:53   206.23.85.13.in-addr.arpa       udp
US       8.8.8.8:53   30.243.111.52.in-addr.arpa      udp
US       8.8.8.8:53   10.73.50.20.in-addr.arpa        udp

All nine entries are reverse-DNS (PTR) queries for in-addr.arpa names sent to Google's public resolver over UDP; no forward lookups and no TCP or non-DNS connections were recorded. Behavioral1 (Windows 7) logged no network activity at all for the same sample, so these queries are more plausibly Windows 10 background traffic than sample-originated resolution. Treat them as weak indicators unless they can be tied to the sample's own process.
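The nine rows above are reverse lookups, so the addresses actually being asked about are hidden in the in-addr.arpa names with their octets reversed. The script below is an added example for this report (not sandbox code) that parses the table as printed, decodes each PTR name back to the address it refers to, and separates reverse lookups from forward lookups and from any non-DNS traffic, which is the first split an analyst wants before deciding what to chase. It goes slightly beyond the page in also decoding ip6.arpa names; ROWS copies the report's own entries, and the classification rules are this example's own.

```python
"""Decode and classify the DNS rows from a sandbox network table.

Added example for this report, not sandbox code. ROWS copies the nine
entries from behavioral2; the classification rules are this example's own
and also handle ip6.arpa names, which the report does not contain.
"""
from __future__ import annotations

import ipaddress

# Rows exactly as printed in the report: Country Destination Domain Proto
ROWS = """\
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.73.50.20.in-addr.arpa udp
"""


def ptr_to_ip(name: str) -> str | None:
    """Turn a reverse-DNS name back into the address it asks about.
    '196.249.167.52.in-addr.arpa' -> '52.167.249.196'; ip6.arpa nibbles are
    reversed and regrouped. Returns None for anything that is not a PTR name."""
    labels = name.lower().rstrip(".").split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return str(ipaddress.IPv4Address(".".join(labels[3::-1])))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            nibbles = "".join(labels[31::-1])
            groups = (nibbles[i:i + 4] for i in range(0, 32, 4))
            return str(ipaddress.IPv6Address(":".join(groups)))
    except ValueError:  # octet out of range, non-hex nibble, etc.
        return None
    return None


def parse_rows(text: str) -> list[dict]:
    """Parse 'Country Destination Domain Proto' lines into records."""
    recs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        country, dest, domain, proto = line.split()
        host, _, port = dest.rpartition(":")
        recs.append({"country": country, "dst": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return recs


def classify(recs: list[dict]) -> dict:
    """Split rows into reverse lookups (decoded to the queried IPs), forward
    lookups, and anything that is not DNS at all; also collect the resolvers
    used, since a sample talking to a resolver the VM was not configured with
    is itself worth noting."""
    out = {"ptr": [], "forward": [], "non_dns": [], "resolvers": set()}
    for r in recs:
        if r["port"] != 53:
            out["non_dns"].append(r)
            continue
        out["resolvers"].add(r["dst"])
        ip = ptr_to_ip(r["domain"])
        if ip is not None:
            out["ptr"].append(ip)
        else:
            out["forward"].append(r["domain"])
    out["resolvers"] = sorted(out["resolvers"])
    return out


if __name__ == "__main__":
    summary = classify(parse_rows(ROWS))
    print("resolvers      :", summary["resolvers"])
    print("reverse lookups:", summary["ptr"])
    print("forward lookups:", summary["forward"])
    print("non-DNS rows   :", summary["non_dns"])
```

The decoded addresses are what you feed into a WHOIS or cloud-range check; the names as printed are not searchable in most threat-intel tools.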

Files

C:\Users\Admin\AppData\Local\Temp\[email protected]

MD5     65b4652c2300b626d6ff1561ba52ec89
SHA1    2262dee1193f657401b01b99ee8c29d94daebe64
SHA256  6ba01faae5505f7baf5e6e1e8acc5ab7da2cb1644050c6009954fae7b819b9a4
SHA512  2f0682e9c32d0e3d125ecffe2a73e54a5e0106205f21f41c8d043ada7ce251f5450b075e1e0f0a4381b64e4452c64a389716f15aa1eeeae23325eb0e8695ee05

The hashes are identical to those of the file dropped in behavioral1, so the payload is a fixed embedded file rather than something generated per run.

Memory dumps (named <pid>-<index>-<start>-<end>):

memory/2652-5-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2744-6-0x0000000000400000-0x000000000041B000-memory.dmp

As in behavioral1, both dumps cover the same 0x1B000-byte region at the 32-bit default image base 0x00400000 in two different processes.