Malware Analysis Report

2024-10-10 12:13

Sample ID 240613-q14vks1emf
Target 81096f10a58062d067859f42d1503350_NeikiAnalytics.exe
SHA256 0debab13cbf7f060f3d4ec826ebabd529fa9c5bd35622800cab2e0475154c5cf
Tags: upx

Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256: 0debab13cbf7f060f3d4ec826ebabd529fa9c5bd35622800cab2e0475154c5cf

Threat Level: Shows suspicious behavior

The file 81096f10a58062d067859f42d1503350_NeikiAnalytics.exe was found to show suspicious behavior.

Malicious Activity Summary

upx

UPX packed file

Deletes itself

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious behavior: RenamesItself

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:44

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:44

Reported

2024-06-13 13:47

Platform

win7-20240611-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe

Network

N/A

Files

memory/2352-0-0x0000000000400000-0x000000000043D000-memory.dmp

memory/2352-1-0x0000000000030000-0x000000000003F000-memory.dmp

memory/2352-2-0x0000000000400000-0x000000000041D000-memory.dmp

\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe

MD5 ed26d448acc5860b8c2089f22f52d18a
SHA1 ad99140d98243a6552c337612ed8f09a6d677441
SHA256 115e06fb72bfa478abcfa4768b5d90c05d8ea90087f8fc3c3231bd2e77a6ea19
SHA512 b17f371693f937a9f94f744625d5c7f1d26666e32399e528446b6fa1bd42583c9f12e6c8970e110f432f6691013b98425e2eff1967f20426e37cb1f4ac838fc2

memory/2152-16-0x0000000000400000-0x000000000043D000-memory.dmp

memory/2352-15-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2152-17-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2152-22-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2152-27-0x0000000000030000-0x000000000003F000-memory.dmp

memory/2152-28-0x0000000000170000-0x000000000018D000-memory.dmp

memory/2152-29-0x0000000000400000-0x000000000043D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:44

Reported

2024-06-13 13:47

Platform

win10v2004-20240611-en

Max time kernel

125s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1276,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8

Network


Files

memory/3276-0-0x0000000000400000-0x000000000043D000-memory.dmp

memory/3276-1-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3276-6-0x00000000000E0000-0x00000000000EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\81096f10a58062d067859f42d1503350_NeikiAnalytics.exe

MD5 0bf2df04d674f845b409846b3385372e
SHA1 873b919363bb4bfcca3567bc22759d374291996a
SHA256 5a7070dc5de9e7f870b0c16e7849032292edd0697e343b91e4e8b064da8b299f
SHA512 177f4572621de90d5f9a5469b559c0cb3c3675dc1eb92a66d5e0229fcbfc2e0fb6d0be0dac88df50209029c92f57daa354792ea98a6a2ee2b9c9b33ef8d3b3b1

memory/2272-12-0x0000000000400000-0x000000000043D000-memory.dmp

memory/3276-13-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2272-15-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2272-19-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2272-25-0x00000000014B0000-0x00000000014CD000-memory.dmp

memory/2272-24-0x0000000000190000-0x000000000019F000-memory.dmp

memory/2272-26-0x0000000000400000-0x000000000043D000-memory.dmp