Analysis Overview
SHA256
ceb5ff681ff1a0efbecc07b27adf93395a350dc25947a478eeda87857ea2e350
Threat Level: Shows suspicious behavior
The file 706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe was found to show suspicious behavior: it is an unsigned PE that drops a second executable (Game\divisors.exe) under the user's Temp directory, executes it, and writes into that child process's memory.
Malicious Activity Summary
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:26
Reported
2024-06-13 09:29
Platform
win7-20240221-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1936 wrote to memory of 2524 | N/A | C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe |
| PID 1936 wrote to memory of 2524 | N/A | C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe |
| PID 1936 wrote to memory of 2524 | N/A | C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe |
| PID 1936 wrote to memory of 2524 | N/A | C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe
"C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe"
Network
Files
memory/1936-0-0x0000000074A91000-0x0000000074A92000-memory.dmp
memory/1936-1-0x0000000074A90000-0x000000007503B000-memory.dmp
memory/1936-2-0x0000000074A90000-0x000000007503B000-memory.dmp
\Users\Admin\AppData\Local\Temp\Game\divisors.exe
| MD5 | 705e55badffd5265fe69598c7e7ac059 |
| SHA1 | 1ecc79a6999befb9bdbe08ba965ea5038c3dabb5 |
| SHA256 | 56ed4528aaa045c8275472cfe47e25d84e317af7cbe0f94b6dbb5e31e565dfd6 |
| SHA512 | a5243cb450ee84bdb72e7259c48ce9da5b263fb4b3821e862b3942cce5d0e457b65a964b89d66b94f463e24697ef3b5b38dafdcf2ae3a5e78cb6aebc22b9891e |
memory/1936-8-0x0000000074A90000-0x000000007503B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:26
Reported
2024-06-13 09:29
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3436 wrote to memory of 228 | N/A | C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe |
| PID 3436 wrote to memory of 228 | N/A | C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe
"C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3436-0-0x00000000745B2000-0x00000000745B3000-memory.dmp
memory/3436-1-0x00000000745B0000-0x0000000074B61000-memory.dmp
memory/3436-2-0x00000000745B0000-0x0000000074B61000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe
| MD5 | 705e55badffd5265fe69598c7e7ac059 |
| SHA1 | 1ecc79a6999befb9bdbe08ba965ea5038c3dabb5 |
| SHA256 | 56ed4528aaa045c8275472cfe47e25d84e317af7cbe0f94b6dbb5e31e565dfd6 |
| SHA512 | a5243cb450ee84bdb72e7259c48ce9da5b263fb4b3821e862b3942cce5d0e457b65a964b89d66b94f463e24697ef3b5b38dafdcf2ae3a5e78cb6aebc22b9891e |
memory/3436-11-0x00000000745B0000-0x0000000074B61000-memory.dmp
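The two detonations above report the same drop-execute-write chain with different PIDs (1936 -> 2524 on Windows 7, 3436 -> 228 on Windows 10) and the same digests for the dropped file. The script below is an added example, not part of the sandbox report or its tooling: it transcribes the signature rows and the dropped-file hashes from both detonations, rebuilds the WriteProcessMemory edges per run, checks that the sample both executed the dropped file and wrote into its memory, verifies the dropped payload is byte-identical across runs (so a hash blocklist would hold), and emits hunt-ready indicators. The function names and row layout are my own; every PID, path and digest is taken from the report as printed.

```python
import ntpath
import re
from collections import Counter

# Paths exactly as they appear in the report above.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\706da89ffa9db3764d8891e17980d1f0_NeikiAnalytics.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\Game\divisors.exe"
GEO_KEY = (r"\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000"
           r"\Control Panel\International\Geo\Nation")

# Signature rows transcribed from the behavioral1 / behavioral2 tables:
# (detonation, signature, description, process, target); N/A becomes None.
# Repeated rows are kept with their multiplicity, as the sandbox logged them.
ROWS = [
    ("behavioral1", "Executes dropped EXE", None, DROPPED, None),
    ("behavioral1", "Loads dropped DLL", None, SAMPLE, None),
    *[("behavioral1", "Suspicious use of WriteProcessMemory",
       "PID 1936 wrote to memory of 2524", SAMPLE, DROPPED)] * 4,
    ("behavioral2", "Checks computer location settings", GEO_KEY, SAMPLE, None),
    ("behavioral2", "Executes dropped EXE", None, DROPPED, None),
    *[("behavioral2", "Suspicious use of WriteProcessMemory",
       "PID 3436 wrote to memory of 228", SAMPLE, DROPPED)] * 2,
]

# Digests of Game\divisors.exe as printed in each detonation's Files section.
_DIGESTS = {
    "md5": "705e55badffd5265fe69598c7e7ac059",
    "sha1": "1ecc79a6999befb9bdbe08ba965ea5038c3dabb5",
    "sha256": "56ed4528aaa045c8275472cfe47e25d84e317af7cbe0f94b6dbb5e31e565dfd6",
    "sha512": "a5243cb450ee84bdb72e7259c48ce9da5b263fb4b3821e862b3942cce5d0e457"
              "b65a964b89d66b94f463e24697ef3b5b38dafdcf2ae3a5e78cb6aebc22b9891e",
}
DROPPED_HASHES = {"behavioral1": dict(_DIGESTS), "behavioral2": dict(_DIGESTS)}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_wpm(description):
    """Return (writer_pid, target_pid) from a WriteProcessMemory row description."""
    m = WPM_RE.fullmatch(description or "")
    if not m:
        raise ValueError(f"unexpected WriteProcessMemory description: {description!r}")
    return int(m.group(1)), int(m.group(2))


def write_edges(rows):
    """Per detonation: Counter keyed by (writer_pid, writer_path, target_pid, target_path).
    The count preserves how many write events the sandbox logged for that pair."""
    edges = {}
    for det, sig, desc, proc, target in rows:
        if sig != "Suspicious use of WriteProcessMemory":
            continue
        writer, tgt = parse_wpm(desc)
        edges.setdefault(det, Counter())[(writer, proc, tgt, target)] += 1
    return edges


def drop_and_execute_chain(rows, sample=SAMPLE, dropped=DROPPED):
    """Per detonation: True when the dropped file ran AND the sample wrote into
    the memory of the process started from that dropped file."""
    result = {}
    for det in sorted({r[0] for r in rows}):
        mine = [r for r in rows if r[0] == det]
        executed = any(s == "Executes dropped EXE" and p == dropped
                       for _, s, _, p, _ in mine)
        wrote = any(s == "Suspicious use of WriteProcessMemory" and p == sample and t == dropped
                    for _, s, _, p, t in mine)
        result[det] = executed and wrote
    return result


def hashes_well_formed(hashes):
    """Catch transcription slips: each digest is lowercase hex of its algorithm's length."""
    return all(len(v) == HEX_LEN[k] and re.fullmatch(r"[0-9a-f]+", v) is not None
               for per_det in hashes.values() for k, v in per_det.items())


def dropped_file_deterministic(hashes):
    """True when every detonation reports identical digests for the dropped file,
    i.e. the payload is not regenerated per run and hash-based blocking would hold."""
    return len({tuple(sorted(h.items())) for h in hashes.values()}) == 1


def iocs(rows, hashes):
    """Hunt-ready indicators: every file path seen in a signature row plus every sha256."""
    paths = {path for _, _, _, proc, target in rows for path in (proc, target) if path}
    return {"paths": sorted(paths),
            "sha256": sorted({h["sha256"] for h in hashes.values()})}


if __name__ == "__main__":
    for det, counter in write_edges(ROWS).items():
        for (w, wp, t, tp), n in counter.items():
            print(f"{det}: PID {w} ({ntpath.basename(wp)}) -> PID {t} ({ntpath.basename(tp)}) x{n}")
    print("drop+execute chain:", drop_and_execute_chain(ROWS))
    print("dropped file deterministic:", dropped_file_deterministic(DROPPED_HASHES))
    print("IOCs:", iocs(ROWS, DROPPED_HASHES))
```

Two caveats when reading the output. Every WriteProcessMemory row here targets the child the sample had just launched, which is what ordinary process creation looks like (the parent writes startup data into the new process), not injection into an unrelated process; the chain still merits attention because the written-to process is a freshly dropped binary under %TEMP%. Likewise the Geo\Nation query behind "Checks computer location settings" is a single registry read that plenty of benign software performs during locale initialisation, so on its own it carries little weight, and the SID in that key path is specific to the sandbox user rather than an indicator.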