Analysis Overview
SHA256
33f9388d75f47b0bc0ac022a5ac6001d624b73969d611140b9c131d53ce4e582
Threat Level: Shows suspicious behavior
The file 4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Enumerates physical storage devices
NSIS installer
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:43
Signatures
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:43
Reported
2024-06-12 23:45
Platform
win7-20240508-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl.iwin.com | udp |
Files
\Users\Admin\AppData\Local\Temp\nsi3209.tmp\System.dll
| MD5 | c17103ae9072a06da581dec998343fc1 |
| SHA1 | b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d |
| SHA256 | dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f |
| SHA512 | d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f |
\Users\Admin\AppData\Local\Temp\nsi3209.tmp\NSISdl.dll
| MD5 | a5f8399a743ab7f9c88c645c35b1ebb5 |
| SHA1 | 168f3c158913b0367bf79fa413357fbe97018191 |
| SHA256 | dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9 |
| SHA512 | 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:43
Reported
2024-06-12 23:45
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d73e7f81c86ce306c1117c592e281e0_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl.iwin.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsk46ED.tmp\System.dll
| MD5 | c17103ae9072a06da581dec998343fc1 |
| SHA1 | b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d |
| SHA256 | dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f |
| SHA512 | d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f |
C:\Users\Admin\AppData\Local\Temp\nsk46ED.tmp\NSISdl.dll
| MD5 | a5f8399a743ab7f9c88c645c35b1ebb5 |
| SHA1 | 168f3c158913b0367bf79fa413357fbe97018191 |
| SHA256 | dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9 |
| SHA512 | 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977 |