Malware Analysis Report

2025-08-06 00:24

Sample ID 240611-bafmqsybkp
Target 21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe
SHA256 0a6be2e573f83f9acac0eaba150f20979b7af6869a907448b4913675f04cc8c0
Tags upx
Score 7/10

Analysis Overview

Score 7/10

SHA256 0a6be2e573f83f9acac0eaba150f20979b7af6869a907448b4913675f04cc8c0

Threat Level: Shows suspicious behavior

The file 21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx

Deletes itself

Loads dropped DLL

Executes dropped EXE

UPX packed file

Unsigned PE

Suspicious behavior: RenamesItself

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:56

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:56

Reported

2024-06-11 00:58

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe

Network

Files

memory/1752-0-0x0000000000400000-0x000000000043D000-memory.dmp

memory/1752-1-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1752-6-0x00000000001B0000-0x00000000001BF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe

MD5 d93e8b422af925c1aecfc9d0b5826c6c
SHA1 7c7f24b20181972ec21f6bc4ab7eda62999e4a65
SHA256 7c666c29e299ee985e61f1689d8b6b9061f30ccb7206b0ec0d0af6340b5c1873
SHA512 1ee7528473d5599651fbd8ee7f176d2df8b4d472f0e522370d39ddf32d8dc6ee9260f66efa25f4cc1eb50f01808f08a97b3ee7c21fa3baa378aa4d2eb2acb917

memory/1752-13-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2124-12-0x0000000000400000-0x000000000043D000-memory.dmp

memory/2124-14-0x00000000000C0000-0x00000000000CF000-memory.dmp

memory/2124-15-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2124-20-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2124-25-0x00000000001D0000-0x00000000001ED000-memory.dmp

memory/2124-26-0x0000000000400000-0x000000000043D000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:56

Reported

2024-06-11 00:58

Platform

win7-20240508-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe

Network

N/A

Files

memory/2932-0-0x0000000000400000-0x000000000043D000-memory.dmp

memory/2932-1-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2932-8-0x0000000000030000-0x000000000003F000-memory.dmp

\Users\Admin\AppData\Local\Temp\21ce6583ce246437629cf939c4c73d30_NeikiAnalytics.exe

MD5 25130233b7778764ce88f184269712a4
SHA1 302e58f5afcfce60ed29330ac00bb562aad6dafb
SHA256 8b21224fd2dcad648c10942020196e1b01ec2470431fa4ee30a463ef193bf893
SHA512 657fcb3f14385ae564b68fbb6c23f55113a1c51588c347e1f144e67a6693eabdfa202febf07ad9431a38657bb5f59da05b150191c89d1518259656a401adc052

memory/2932-12-0x0000000000160000-0x000000000019D000-memory.dmp

memory/2932-15-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2860-17-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2860-22-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2860-27-0x0000000000030000-0x000000000003F000-memory.dmp

memory/2860-28-0x00000000001F0000-0x000000000020D000-memory.dmp

memory/2860-29-0x0000000000400000-0x000000000043D000-memory.dmp