Malware Analysis Report

2024-10-10 12:13

Sample ID 240613-q5mrvswaqk
Target 818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe
SHA256 bd90b615d1abf37dea447cbac47dc43769ed1092ea453dbe3cfe4798a15fa4d8
Tags
upx
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

bd90b615d1abf37dea447cbac47dc43769ed1092ea453dbe3cfe4798a15fa4d8

Threat Level: Shows suspicious behavior

The file 818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx

UPX packed file

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:50

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:50

Reported

2024-06-13 13:53

Platform

win7-20240611-en

Max time kernel

140s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/1460-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1460-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1460-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-UBge6aVWzdlv1us4.exe

MD5 8eb48cc70e52e8f81b3e2196819d83b9
SHA1 7d21edfcfd4be66edde607eb3d57e1b0ef0f8fb9
SHA256 ee5255bccc4f98ef1e422eb423c62f615c70dac8490ed323cf6b9b6231a72d03
SHA512 499a53b39a1569b3eb7c6ad6ad52a76c9657dbd5cf728ac7c1af1ac520df275c72c13f87045ca4c5447eb0825dde70ad85c08a462f6f07c0b5efd294b9246383

memory/1460-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1460-21-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1460-28-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:50

Reported

2024-06-13 13:53

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 172.217.169.74:443 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

memory/4296-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4296-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4296-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-Sasspx5jAXiTcXy6.exe

MD5 26eb740895a04beb9da1d4147077a12a
SHA1 e33af815be3a0744efd1ea350cae0fc712507b5c
SHA256 c8af3a1d09c434f1149c2420483958566e48775fae144980309e84ee70267e70
SHA512 73a441cc91359cd53471d3b3b2957e806ae934bdc7ba11c1e834779ae002b8740e1d4b040f907a0471fea2e4648815039803ba276242e332485ea8faaef39a5b

memory/4296-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4296-22-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4296-29-0x0000000000400000-0x000000000042A000-memory.dmp