Analysis Overview
SHA256
69e08247421ab76a58969c63494783c861046ab39beeeede4c29bcb2be20a69c
Threat Level: Likely malicious
The file 173a6a2c9541cf72653bafe0928c2000_NeikiAnalytics.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-06 20:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 20:34
Reported
2024-06-06 20:37
Platform
win7-20240419-en
Max time kernel
131s
Max time network
121s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\173a6a2c9541cf72653bafe0928c2000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\173a6a2c9541cf72653bafe0928c2000_NeikiAnalytics.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-06 20:34
Reported
2024-06-06 20:37
Platform
win10v2004-20240226-en
Max time kernel
155s
Max time network
163s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203452446.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203509165.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203519930.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203533524.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203545289.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203557430.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203616008.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203629946.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203641227.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203652258.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203707055.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\173a6a2c9541cf72653bafe0928c2000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\173a6a2c9541cf72653bafe0928c2000_NeikiAnalytics.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203452446.exe 000001
C:\Users\Admin\AppData\Local\Temp\242606203452446.exe
C:\Users\Admin\AppData\Local\Temp\242606203452446.exe 000001
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203509165.exe 000002
C:\Users\Admin\AppData\Local\Temp\242606203509165.exe
C:\Users\Admin\AppData\Local\Temp\242606203509165.exe 000002
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203519930.exe 000003
C:\Users\Admin\AppData\Local\Temp\242606203519930.exe
C:\Users\Admin\AppData\Local\Temp\242606203519930.exe 000003
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203533524.exe 000004
C:\Users\Admin\AppData\Local\Temp\242606203533524.exe
C:\Users\Admin\AppData\Local\Temp\242606203533524.exe 000004
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203545289.exe 000005
C:\Users\Admin\AppData\Local\Temp\242606203545289.exe
C:\Users\Admin\AppData\Local\Temp\242606203545289.exe 000005
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203557430.exe 000006
C:\Users\Admin\AppData\Local\Temp\242606203557430.exe
C:\Users\Admin\AppData\Local\Temp\242606203557430.exe 000006
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203616008.exe 000007
C:\Users\Admin\AppData\Local\Temp\242606203616008.exe
C:\Users\Admin\AppData\Local\Temp\242606203616008.exe 000007
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203629946.exe 000008
C:\Users\Admin\AppData\Local\Temp\242606203629946.exe
C:\Users\Admin\AppData\Local\Temp\242606203629946.exe 000008
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203641227.exe 000009
C:\Users\Admin\AppData\Local\Temp\242606203641227.exe
C:\Users\Admin\AppData\Local\Temp\242606203641227.exe 000009
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203652258.exe 00000a
C:\Users\Admin\AppData\Local\Temp\242606203652258.exe
C:\Users\Admin\AppData\Local\Temp\242606203652258.exe 00000a
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203707055.exe 00000b
C:\Users\Admin\AppData\Local\Temp\242606203707055.exe
C:\Users\Admin\AppData\Local\Temp\242606203707055.exe 00000b
Network
Files
C:\Users\Admin\AppData\Local\Temp\242606203452446.exe
C:\Users\Admin\AppData\Local\Temp\242606203509165.exe
C:\Users\Admin\AppData\Local\Temp\242606203519930.exe
C:\Users\Admin\AppData\Local\Temp\242606203533524.exe
C:\Users\Admin\AppData\Local\Temp\242606203545289.exe
C:\Users\Admin\AppData\Local\Temp\242606203557430.exe
C:\Users\Admin\AppData\Local\Temp\242606203616008.exe
C:\Users\Admin\AppData\Local\Temp\242606203629946.exe
C:\Users\Admin\AppData\Local\Temp\242606203641227.exe
C:\Users\Admin\AppData\Local\Temp\242606203652258.exe
C:\Users\Admin\AppData\Local\Temp\242606203707055.exe