Malware Analysis Report

2025-04-14 04:41

Sample ID 240612-3qj4mswake
Target 4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe
SHA256 33f9388d75f47b0bc0ac022a5ac6001d624b73969d611140b9c131d53ce4e582
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

33f9388d75f47b0bc0ac022a5ac6001d624b73969d611140b9c131d53ce4e582

Threat Level: Shows suspicious behavior

The file 4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary


Loads dropped DLL

Enumerates physical storage devices

NSIS installer

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 23:43

Signatures

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 23:43

Reported

2024-06-12 23:45

Platform

win7-20240508-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl.iwin.com udp

Files

\Users\Admin\AppData\Local\Temp\nsi3209.tmp\System.dll

MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

\Users\Admin\AppData\Local\Temp\nsi3209.tmp\NSISdl.dll

MD5 a5f8399a743ab7f9c88c645c35b1ebb5
SHA1 168f3c158913b0367bf79fa413357fbe97018191
SHA256 dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
SHA512 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 23:43

Reported

2024-06-12 23:45

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl.iwin.com udp

Files

C:\Users\Admin\AppData\Local\Temp\nsk46ED.tmp\System.dll

MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

C:\Users\Admin\AppData\Local\Temp\nsk46ED.tmp\NSISdl.dll

MD5 a5f8399a743ab7f9c88c645c35b1ebb5
SHA1 168f3c158913b0367bf79fa413357fbe97018191
SHA256 dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
SHA512 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977