Analysis Overview
SHA256
61acb95b77f53ad74c16ea0bcb40a1e2e0605198901ac798e8bb905a09138353
Threat Level: Likely malicious
The file 37117d2d5f95c210b3ffb9c16cc93ce0_NeikiAnalytics.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-06 20:35
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 20:35
Reported
2024-06-06 20:38
Platform
win7-20240419-en
Max time kernel
132s
Max time network
123s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\37117d2d5f95c210b3ffb9c16cc93ce0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\37117d2d5f95c210b3ffb9c16cc93ce0_NeikiAnalytics.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-06 20:35
Reported
2024-06-06 20:38
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\240606203549332.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203603050.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203616300.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203628253.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203639503.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203654003.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203706019.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203716785.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203726253.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203738175.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203749738.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203800050.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\37117d2d5f95c210b3ffb9c16cc93ce0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\37117d2d5f95c210b3ffb9c16cc93ce0_NeikiAnalytics.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\240606203549332.exe 000001
C:\Users\Admin\AppData\Local\Temp\240606203549332.exe
C:\Users\Admin\AppData\Local\Temp\240606203549332.exe 000001
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203603050.exe 000002
C:\Users\Admin\AppData\Local\Temp\242606203603050.exe
C:\Users\Admin\AppData\Local\Temp\242606203603050.exe 000002
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203616300.exe 000003
C:\Users\Admin\AppData\Local\Temp\242606203616300.exe
C:\Users\Admin\AppData\Local\Temp\242606203616300.exe 000003
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203628253.exe 000004
C:\Users\Admin\AppData\Local\Temp\242606203628253.exe
C:\Users\Admin\AppData\Local\Temp\242606203628253.exe 000004
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203639503.exe 000005
C:\Users\Admin\AppData\Local\Temp\242606203639503.exe
C:\Users\Admin\AppData\Local\Temp\242606203639503.exe 000005
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203654003.exe 000006
C:\Users\Admin\AppData\Local\Temp\242606203654003.exe
C:\Users\Admin\AppData\Local\Temp\242606203654003.exe 000006
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203706019.exe 000007
C:\Users\Admin\AppData\Local\Temp\242606203706019.exe
C:\Users\Admin\AppData\Local\Temp\242606203706019.exe 000007
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203716785.exe 000008
C:\Users\Admin\AppData\Local\Temp\242606203716785.exe
C:\Users\Admin\AppData\Local\Temp\242606203716785.exe 000008
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203726253.exe 000009
C:\Users\Admin\AppData\Local\Temp\242606203726253.exe
C:\Users\Admin\AppData\Local\Temp\242606203726253.exe 000009
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203738175.exe 00000a
C:\Users\Admin\AppData\Local\Temp\242606203738175.exe
C:\Users\Admin\AppData\Local\Temp\242606203738175.exe 00000a
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203749738.exe 00000b
C:\Users\Admin\AppData\Local\Temp\242606203749738.exe
C:\Users\Admin\AppData\Local\Temp\242606203749738.exe 00000b
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203800050.exe 00000c
C:\Users\Admin\AppData\Local\Temp\242606203800050.exe
C:\Users\Admin\AppData\Local\Temp\242606203800050.exe 00000c
Network
Files