Analysis Overview
SHA256
bd90b615d1abf37dea447cbac47dc43769ed1092ea453dbe3cfe4798a15fa4d8
Threat Level: Shows suspicious behavior
The file 818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe was found to show suspicious behavior.
Malicious Activity Summary
UPX packed file
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:50
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:50
Reported
2024-06-13 13:53
Platform
win7-20240611-en
Max time kernel
140s
Max time network
121s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1460-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1460-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1460-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-UBge6aVWzdlv1us4.exe
| Hash | Value |
|---|---|
| MD5 | 8eb48cc70e52e8f81b3e2196819d83b9 |
| SHA1 | 7d21edfcfd4be66edde607eb3d57e1b0ef0f8fb9 |
| SHA256 | ee5255bccc4f98ef1e422eb423c62f615c70dac8490ed323cf6b9b6231a72d03 |
| SHA512 | 499a53b39a1569b3eb7c6ad6ad52a76c9657dbd5cf728ac7c1af1ac520df275c72c13f87045ca4c5447eb0825dde70ad85c08a462f6f07c0b5efd294b9246383 |
memory/1460-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1460-21-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1460-28-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:50
Reported
2024-06-13 13:53
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\818748e1a6211e0dbe393bd1ba0f0b00_NeikiAnalytics.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
memory/4296-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4296-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4296-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Sasspx5jAXiTcXy6.exe
| Hash | Value |
|---|---|
| MD5 | 26eb740895a04beb9da1d4147077a12a |
| SHA1 | e33af815be3a0744efd1ea350cae0fc712507b5c |
| SHA256 | c8af3a1d09c434f1149c2420483958566e48775fae144980309e84ee70267e70 |
| SHA512 | 73a441cc91359cd53471d3b3b2957e806ae934bdc7ba11c1e834779ae002b8740e1d4b040f907a0471fea2e4648815039803ba276242e332485ea8faaef39a5b |
memory/4296-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4296-22-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4296-29-0x0000000000400000-0x000000000042A000-memory.dmp