Malware Analysis Report

2025-08-10 21:49

Sample ID 240606-zdsy8scg76
Target a598c90eebe70028f52eb33aeeb83ba0_NeikiAnalytics.exe
SHA256 4652ad8a55ece39c31572dba4cd06dd32a120cf1707322076e4908aac852e653
Tags
persistence
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

4652ad8a55ece39c31572dba4cd06dd32a120cf1707322076e4908aac852e653

Threat Level: Shows suspicious behavior

The file a598c90eebe70028f52eb33aeeb83ba0_NeikiAnalytics.exe was found to show suspicious behavior.

Malicious Activity Summary

persistence

Adds Run key to start application

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 20:36

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 20:36

Reported

2024-06-06 20:39

Platform

win10v2004-20240508-en

Max time kernel

94s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a598c90eebe70028f52eb33aeeb83ba0_NeikiAnalytics.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\a598c90eebe70028f52eb33aeeb83ba0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a598c90eebe70028f52eb33aeeb83ba0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a598c90eebe70028f52eb33aeeb83ba0_NeikiAnalytics.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "GTA.bat"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\GTA.bat

MD5 df4661aeff8046fdd5b3d37f3f5cd870
SHA1 281d79c197c2a07b230a97591a9a3af6416abff7
SHA256 0adf868af56f894ac8c7ee4a1543128a7a5f1076c4d825f1e56cb44d2ac151cf
SHA512 cd29e1b902fa8a360b013b8bd2ea899ef08564480e090e1b1a2455850f386289b1eb8bb4cb939c569c23fc482587d0603d7e5c158999a4eca4fd29e01071bd37