Malware Analysis Report

2024-11-16 11:39

Sample ID 240612-jzbdbavfrh
Target 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe
SHA256 5cc5e921776219318de4b63bdca08467dcdebe9730d17c91db781cfe05b935a3
Tags
upx xmrig miner
score
10/10

Analysis Overview

score
10/10

SHA256

5cc5e921776219318de4b63bdca08467dcdebe9730d17c91db781cfe05b935a3

Threat Level: Known bad

The file 2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx xmrig miner

xmrig

XMRig Miner payload

UPX packed file

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 08:05

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 08:05

Reported

2024-06-12 08:08

Platform

win7-20240611-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 eu.minerpool.pw udp
NL 91.92.248.9:443 eu.minerpool.pw tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 08:05

Reported

2024-06-12 08:08

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2a2dcd8f38f118d4d1991aca81bfbf90_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 eu.minerpool.pw udp
RO 185.10.68.123:443 eu.minerpool.pw tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.192:443 www.bing.com tcp
US 8.8.8.8:53 192.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 123.68.10.185.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp

Files
