Analysis Overview
SHA256
0a6be2e573f83f9acac0eaba150f20979b7af6869a907448b4913675f04cc8c0
Threat Level: Shows suspicious behavior
The file 21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Deletes itself
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unsigned PE
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-11 00:56
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 00:56
Reported
2024-06-11 00:58
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
UPX packed file
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1752 wrote to memory of 2124 | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
| MD5 | d93e8b422af925c1aecfc9d0b5826c6c |
| SHA1 | 7c7f24b20181972ec21f6bc4ab7eda62999e4a65 |
| SHA256 | 7c666c29e299ee985e61f1689d8b6b9061f30ccb7206b0ec0d0af6340b5c1873 |
| SHA512 | 1ee7528473d5599651fbd8ee7f176d2df8b4d472f0e522370d39ddf32d8dc6ee9260f66efa25f4cc1eb50f01808f08a97b3ee7c21fa3baa378aa4d2eb2acb917 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 00:56
Reported
2024-06-11 00:58
Platform
win7-20240508-en
Max time kernel
118s
Max time network
119s
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
UPX packed file
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2932 wrote to memory of 2860 | N/A | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
Network
Files
\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
| MD5 | 25130233b7778764ce88f184269712a4 |
| SHA1 | 302e58f5afcfce60ed29330ac00bb562aad6dafb |
| SHA256 | 8b21224fd2dcad648c10942020196e1b01ec2470431fa4ee30a463ef193bf893 |
| SHA512 | 657fcb3f14385ae564b68fbb6c23f55113a1c51588c347e1f144e67a6693eabdfa202febf07ad9431a38657bb5f59da05b150191c89d1518259656a401adc052 |