Malware Analysis Report

2025-01-18 01:36

Sample ID 240613-jyhe8szgjh
Target 6b62d708eb847e9881045eaf31e4aef0_NeikiAnalytics.exe
SHA256 bf087b2c78b284f4ca9e95732fa2b881abb0714b1f983b31071ab59752cb18f3
score
7/10


Analysis Overview

score
7/10

SHA256

bf087b2c78b284f4ca9e95732fa2b881abb0714b1f983b31071ab59752cb18f3

Threat Level: Shows suspicious behavior

The file 6b62d708eb847e9881045eaf31e4aef0_NeikiAnalytics.exe was found to show suspicious behavior.

Malicious Activity Summary

Deletes itself

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:04

Reported

2024-06-13 08:07

Platform

win7-20240221-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b62d708eb847e9881045eaf31e4aef0_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\6b62d708eb847e9881045eaf31e4aef0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6b62d708eb847e9881045eaf31e4aef0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\148A.tmp

"C:\Users\Admin\AppData\Local\Temp\148A.tmp"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\148A.tmp

MD5 2920a5f1aa2cd0ddaf5aeefa506e18ab
SHA1 9361f614dba093f2f897f7031c1fa90b77ab1836
SHA256 6055238eb581b4eb3ae6679607e5bcbe5f7e994131bc10774b96658f441b5399
SHA512 11dcdb05e75f2baa9945af650501a3631d4c7e110cd68aa246357afee9efc5bdbe7d3fbd1892c8a0df67b84414a58873a72c793754a23a3008d72c8eee58d6d5

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:04

Reported

2024-06-13 08:07

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b62d708eb847e9881045eaf31e4aef0_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\6b62d708eb847e9881045eaf31e4aef0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6b62d708eb847e9881045eaf31e4aef0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\EC73.tmp

"C:\Users\Admin\AppData\Local\Temp\EC73.tmp"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4048,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\EC73.tmp

MD5 0cfd3aa482ccc2a54c1e6f7e4293826a
SHA1 140fd4056efbe133fbcd39f989aaab816eec173e
SHA256 b0a10793d4c845718c1ec2c561044d23a0a905ceac6d06dcab420ca95ce38661
SHA512 16dc693867b0b1f6156949a01853d8ded47198c1522cadaa61bfa2961b08a08ba53fceac1ebc7df0fee425cae9bfd8622f2b4543ad8808e2d7d4ae608fa5e29d