Malware Analysis Report

2025-01-17 23:16

Sample ID 240603-p6jk6age96
Target a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe
SHA256 631af64737e7a3f588fccafc7323f97bbc2c0d5d8d14bae3c76845b3a38f1398
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

631af64737e7a3f588fccafc7323f97bbc2c0d5d8d14bae3c76845b3a38f1398

Threat Level: Shows suspicious behavior

The file a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:56

Reported

2024-06-03 12:58

Platform

win7-20240508-en

Max time kernel

118s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c [email protected]

C:\Users\Admin\AppData\Local\Temp\[email protected]

[email protected]

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\[email protected]

MD5 9e8388277bdc5d8a1409fd9461a9b95b
SHA1 592ee68087745780306c43c4345f95a13c15ef5d
SHA256 2247aaccc999fd173cd0b3be04c3604f5ebd6aea10bff72f60b9b2aeddc1d1e3
SHA512 1c96025f0ee11fd6ed5f1e138e0854c4ada606b902a78f43ebc0d77603b8a3628f877925c8a6762bc8382f2f5bd8760b0e6ca24e1c30c82a2028da72c154b8f4

memory/2008-7-0x0000000000400000-0x000000000041B000-memory.dmp

memory/1276-8-0x0000000000400000-0x000000000041B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:56

Reported

2024-06-03 12:59

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c [email protected]

C:\Users\Admin\AppData\Local\Temp\[email protected]

[email protected]

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\[email protected]

MD5 9e8388277bdc5d8a1409fd9461a9b95b
SHA1 592ee68087745780306c43c4345f95a13c15ef5d
SHA256 2247aaccc999fd173cd0b3be04c3604f5ebd6aea10bff72f60b9b2aeddc1d1e3
SHA512 1c96025f0ee11fd6ed5f1e138e0854c4ada606b902a78f43ebc0d77603b8a3628f877925c8a6762bc8382f2f5bd8760b0e6ca24e1c30c82a2028da72c154b8f4

memory/4600-5-0x0000000000400000-0x000000000041B000-memory.dmp

memory/900-6-0x0000000000400000-0x000000000041B000-memory.dmp