Analysis Overview
SHA256
ca18788a9579f22375e6e42d1b2a3e47fb38c83de41ea127b37cb73e6f9bb76c
Threat Level: Shows suspicious behavior
The file 973db727098f485bd4e7ab3f025d6730_NeikiAnalytics.exe was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Enumerates physical storage devices
NSIS installer
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-08 07:08
Signatures
NSIS installer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-08 07:08
Reported
2024-06-08 07:11
Platform
win7-20240221-en
Max time kernel
119s
Max time network
123s
Signatures
Loads dropped DLL
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\973db727098f485bd4e7ab3f025d6730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\973db727098f485bd4e7ab3f025d6730_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | video.sina.com.cn.shufaren.cn | udp |
Files
\Users\Admin\AppData\Local\Temp\nsj8EAB.tmp\NSISdl.dll
| Hash | Value |
|---|---|
| MD5 | 254f13dfd61c5b7d2119eb2550491e1d |
| SHA1 | 5083f6804ee3475f3698ab9e68611b0128e22fd6 |
| SHA256 | fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28 |
| SHA512 | fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-08 07:08
Reported
2024-06-08 07:11
Platform
win10v2004-20240508-en
Max time kernel
90s
Max time network
121s
Signatures
Loads dropped DLL
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\973db727098f485bd4e7ab3f025d6730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\973db727098f485bd4e7ab3f025d6730_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | video.sina.com.cn.shufaren.cn | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsg498E.tmp\NSISdl.dll
| Hash | Value |
|---|---|
| MD5 | 254f13dfd61c5b7d2119eb2550491e1d |
| SHA1 | 5083f6804ee3475f3698ab9e68611b0128e22fd6 |
| SHA256 | fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28 |
| SHA512 | fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7 |