Malware Analysis Report

2025-01-18 00:15

Sample ID 240613-qhllaazgla
Target 7f10d71541199b1d725c26004c7a6a00_NeikiAnalytics.exe
SHA256 046bf7f8b60340dbffaed0026c565d83ae250b288e05f6e45d2dfc0564a60ba1
Score 3/10

Analysis Overview

score
3/10

SHA256

046bf7f8b60340dbffaed0026c565d83ae250b288e05f6e45d2dfc0564a60ba1

Threat Level: Likely benign

The file 7f10d71541199b1d725c26004c7a6a00_NeikiAnalytics.exe was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:15

Reported

2024-06-13 13:18

Platform

win7-20240221-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f10d71541199b1d725c26004c7a6a00_NeikiAnalytics.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f10d71541199b1d725c26004c7a6a00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7f10d71541199b1d725c26004c7a6a00_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.qq5.com udp

Files

C:\Users\Admin\AppData\Local\Temp\GM~EEF.tmp

MD5 973d325f91f57e673c89f40eb69fd521
SHA1 717ecd6ed17bbd72f360c1e2e7667db35e29289c
SHA256 598505f93c976d99308f904c6500126dc00b2d06191330dff3ab45c0021cb7a4
SHA512 3e7b545c75429a0f3c8632a565a82601e76cee520a1e395eb372425fc8175f11af58e7f3aecd8cb9a163a35e161336fe4acf751bde95eb47bcc32c738e9d98b6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:15

Reported

2024-06-13 13:18

Platform

win10v2004-20240611-en

Max time kernel

93s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f10d71541199b1d725c26004c7a6a00_NeikiAnalytics.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f10d71541199b1d725c26004c7a6a00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7f10d71541199b1d725c26004c7a6a00_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.qq5.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
BE 88.221.83.186:443 www.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 186.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 217.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\GM~4F39.tmp

MD5 973d325f91f57e673c89f40eb69fd521
SHA1 717ecd6ed17bbd72f360c1e2e7667db35e29289c
SHA256 598505f93c976d99308f904c6500126dc00b2d06191330dff3ab45c0021cb7a4
SHA512 3e7b545c75429a0f3c8632a565a82601e76cee520a1e395eb372425fc8175f11af58e7f3aecd8cb9a163a35e161336fe4acf751bde95eb47bcc32c738e9d98b6