Malware Analysis Report

2025-08-10 12:15

Sample ID: 240607-n1z6aagf69
Target: 55174dccf208769f04d9644ef38de7b0_NeikiAnalytics.exe
SHA256: f093d486acefdb5554d25613739b4269b921eee86ea858a4d31eb649e016728b
Tags: upx
Score: 7/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files
- Analysis: behavioral2
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 7/10

SHA256: f093d486acefdb5554d25613739b4269b921eee86ea858a4d31eb649e016728b

Threat Level: Shows suspicious behavior

The file 55174dccf208769f04d9644ef38de7b0_NeikiAnalytics.exe was found to show suspicious behavior.

Malicious Activity Summary

- upx: UPX packed file
- Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-07 11:52

Signatures

UPX packed file (upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 11:52

Reported

2024-06-07 12:05

Platform

win7-20240419-en

Max time kernel

140s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\55174dccf208769f04d9644ef38de7b0_NeikiAnalytics.exe"

Signatures

UPX packed file (upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\55174dccf208769f04d9644ef38de7b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\55174dccf208769f04d9644ef38de7b0_NeikiAnalytics.exe"

Network

Country  Destination         Domain                    Proto
US       8.8.8.8:53          wecan.hasthe.technology   udp
US       172.67.183.40:80    wecan.hasthe.technology   tcp
US       172.67.183.40:80    wecan.hasthe.technology   tcp
US       172.67.183.40:80    wecan.hasthe.technology   tcp
US       172.67.183.40:80    wecan.hasthe.technology   tcp

Files

memory/1008-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1008-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1008-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-gfTtLwMW7Ow8vKuq.exe

MD5 ab2a5954cbba8e1cb155980def3a96a1
SHA1 b857430edbd1cba3bc8e2e4b3f9086a237d5e08d
SHA256 7111b35e3b7fbdfcb16c890539be22d72e906fbc27b49b0d733c9faa919e770e
SHA512 a850a858e113bca1a065b60163ec8e9bd6b1dcd3befa73da4964915102b5c3788c0d6d769a61e869d5e6240325f8dbf7756a590079841ff8ca7f65bcb2f86c26

memory/1008-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1008-21-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1008-28-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-07 11:52

Reported

2024-06-07 12:05

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\55174dccf208769f04d9644ef38de7b0_NeikiAnalytics.exe"

Signatures

UPX packed file (upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\55174dccf208769f04d9644ef38de7b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\55174dccf208769f04d9644ef38de7b0_NeikiAnalytics.exe"

Network

Country  Destination         Domain                          Proto
US       8.8.8.8:53          216.107.17.2.in-addr.arpa       udp
US       8.8.8.8:53          58.55.71.13.in-addr.arpa        udp
US       8.8.8.8:53          73.31.126.40.in-addr.arpa       udp
US       8.8.8.8:53          95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53          wecan.hasthe.technology         udp
US       104.21.59.199:80    wecan.hasthe.technology         tcp
US       8.8.8.8:53          199.59.21.104.in-addr.arpa      udp
US       8.8.8.8:53          50.23.12.20.in-addr.arpa        udp
US       8.8.8.8:53          198.187.3.20.in-addr.arpa       udp
US       104.21.59.199:80    wecan.hasthe.technology         tcp
US       8.8.8.8:53          172.210.232.199.in-addr.arpa    udp
US       104.21.59.199:80    wecan.hasthe.technology         tcp
US       8.8.8.8:53          11.227.111.52.in-addr.arpa      udp
US       104.21.59.199:80    wecan.hasthe.technology         tcp
US       8.8.8.8:53                                          udp

Files

memory/4612-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4612-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4612-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-IG5TL7nfhOiTwWbl.exe

MD5 4e76661b1319bf873daea835840bd975
SHA1 ae9a03d30541c8b42472f9333284cb35dd47b29d
SHA256 9902ec50df541bdf13345cd25a79518f2834379480a0d5ad23e304d403444477
SHA512 45976eb4d983302fe90d44de90d5006a1e4a4973b3873dfc487d1caa2cab75f3a2a3fd325e59e7f506801a32d21adb8fab28ffd30d91469a57828f90f0d08150

memory/4612-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4612-21-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4612-28-0x0000000000400000-0x000000000042A000-memory.dmp