Malware Analysis Report

2025-01-17 21:30

Sample ID 240603-qrcpqsga2z
Target a4fc2b9519492ecd7e73d901f2ef77e0_NeikiAnalytics.exe
SHA256 4d39ce6b9300d9d25bfb6e359a608a759f1a1c7a03aa80d36ef07f919dd7e4fb
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4d39ce6b9300d9d25bfb6e359a608a759f1a1c7a03aa80d36ef07f919dd7e4fb

Threat Level: Shows suspicious behavior

The file a4fc2b9519492ecd7e73d901f2ef77e0_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary


Deletes itself

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:29

Reported

2024-06-03 13:31

Platform

win7-20240221-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4fc2b9519492ecd7e73d901f2ef77e0_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a4fc2b9519492ecd7e73d901f2ef77e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4fc2b9519492ecd7e73d901f2ef77e0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\2424.tmp

"C:\Users\Admin\AppData\Local\Temp\2424.tmp"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\2424.tmp

MD5 5941bbbfbb2ece3759dc91e32081a7b9
SHA1 1326b79a8600838219042cabece423a4cf947013
SHA256 ddad778cc1a8e44caaaba15d0cacba53b7cf6285019b32b7d8927dd6c9e1d765
SHA512 461123c4a00a229cffffd099aa253f28f0197488ce1944d0d115ac0f509664ddd3e5eb74d782b88e29dcc68a8b642e1419b96144248bd6a0fc743dd069f5295a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:29

Reported

2024-06-03 13:31

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4fc2b9519492ecd7e73d901f2ef77e0_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a4fc2b9519492ecd7e73d901f2ef77e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4fc2b9519492ecd7e73d901f2ef77e0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\E6B6.tmp

"C:\Users\Admin\AppData\Local\Temp\E6B6.tmp"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4336,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Temp\E6B6.tmp

MD5 e6df579659968cd682ec203047e3e3b7
SHA1 0f62c4edf3aaec3a939eefb37c3c4a13346d311d
SHA256 e5fa92914d0f8ac7aa06e58be38dc16ab3553c3d40e242c6961070902cd297d6
SHA512 d54066421c508c2143452cee2b9f4992c94b0d32fae3a73df6787bb6386cb6fe02c04e2b485c030cb61a2d9d419fb50761713835475a0867561b72536875ba79