Analysis Overview
SHA256
67428556b168a61e1176ab4cc7fb6d9e5d7cc8dc949d2e3f5452c9005282e2f1
Threat Level: Shows suspicious behavior
The file 6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-07 16:11
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-07 16:11
Reported
2024-06-07 16:14
Platform
win7-20240221-en
Max time kernel
141s
Max time network
127s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2868-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2868-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2868-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-wrGJ1MxkG7NVOv5N.exe
| MD5 | a7c7d16a5c2ccad851fb4087b97a8f6b |
| SHA1 | c15759c8c8137eef4cf9f75d297c283adb599102 |
| SHA256 | fafeb8dbef197b7be3a6cdcde5018b670bef357376358d6604affe4546fa6856 |
| SHA512 | 45c02af9e843fc65c0cb43ff568991a35f159ecdae367302a131690c500e40a4308d49aec9ac119d702039f8c86f5a10caa2edc2ff751a39fb391981dbd98148 |
memory/2868-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2868-21-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2868-28-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-07 16:11
Reported
2024-06-07 16:14
Platform
win10v2004-20240426-en
Max time kernel
141s
Max time network
124s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b23a36f8ec2a0845e8758ff6c556240_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/4920-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4920-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4920-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-mTXkXJyZjaBx5cws.exe
| MD5 | c83ab54aaf81485778e4f1366cbf0c3e |
| SHA1 | 97572bb32d24c31d56f3e7eb349b937f5bc5a68c |
| SHA256 | 3e2b275f64480f01fd7d71953750e4959e9c02f1c160376a9811f3d40f7a4d75 |
| SHA512 | 5546f69eab73ba88e41e83e905d7a460963da7695e2ad298342e9ecaf8ba2fae45b0541296c0bc4f334803052f8f6dc8d9e78e2622cce0032a34eda6583dd1d6 |
memory/4920-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4920-21-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4920-28-0x0000000000400000-0x000000000042A000-memory.dmp