Malware Analysis Report

2025-08-06 00:22

Sample ID 240607-tndz6sbh35
Target 6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe
SHA256 67428556b168a61e1176ab4cc7fb6d9e5d7cc8dc949d2e3f5452c9005282e2f1
Tags upx
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

7/10

SHA256

67428556b168a61e1176ab4cc7fb6d9e5d7cc8dc949d2e3f5452c9005282e2f1

Threat Level: Shows suspicious behavior

The file 6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe was classified as: Shows suspicious behavior.

Malicious Activity Summary

upx

UPX packed file

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-07 16:11

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 16:11

Reported

2024-06-07 16:14

Platform

win7-20240221-en

Max time kernel

141s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2868-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2868-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2868-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-wrGJ1MxkG7NVOv5N.exe

MD5 a7c7d16a5c2ccad851fb4087b97a8f6b
SHA1 c15759c8c8137eef4cf9f75d297c283adb599102
SHA256 fafeb8dbef197b7be3a6cdcde5018b670bef357376358d6604affe4546fa6856
SHA512 45c02af9e843fc65c0cb43ff568991a35f159ecdae367302a131690c500e40a4308d49aec9ac119d702039f8c86f5a10caa2edc2ff751a39fb391981dbd98148

memory/2868-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2868-21-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2868-28-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-07 16:11

Reported

2024-06-07 16:14

Platform

win10v2004-20240426-en

Max time kernel

141s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/4920-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4920-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4920-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-mTXkXJyZjaBx5cws.exe

MD5 c83ab54aaf81485778e4f1366cbf0c3e
SHA1 97572bb32d24c31d56f3e7eb349b937f5bc5a68c
SHA256 3e2b275f64480f01fd7d71953750e4959e9c02f1c160376a9811f3d40f7a4d75
SHA512 5546f69eab73ba88e41e83e905d7a460963da7695e2ad298342e9ecaf8ba2fae45b0541296c0bc4f334803052f8f6dc8d9e78e2622cce0032a34eda6583dd1d6

memory/4920-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4920-21-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4920-28-0x0000000000400000-0x000000000042A000-memory.dmp