Malware Analysis Report

2025-01-18 00:52

Sample ID 240613-rfm7rssbmb
Target 827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe
SHA256 5484d905819a5ed48da3de69cc86fb3d48528793882a9d70538fa9be26629274
Tags
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 5484d905819a5ed48da3de69cc86fb3d48528793882a9d70538fa9be26629274

Threat Level: Shows suspicious behavior

The file 827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe was found to show suspicious behavior.

Malicious Activity Summary

Deletes itself

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:08

Reported

2024-06-13 14:10

Platform

win7-20240508-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\27CC.tmp

"C:\Users\Admin\AppData\Local\Temp\27CC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe 468D092F050E1BE1E2EA5C88032858EDE63CDF2282A9E82E18898BE45021BBBA69E07F341D2F79F429BCE961BB4D26A15CEC4C62BED5C9F4AEA39805B8ACD3B4

Network

N/A

Files

memory/1900-0-0x0000000000400000-0x0000000000849000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\27CC.tmp

MD5 ce32a4704dd0b11d99ec8b55e6da3d66
SHA1 053402ef498a922622cf0e889b43eea47f7e340c
SHA256 0d86bbd8d6bb470e349c503cbbec0cba1f8f9331078cb1e08bf408d84d2cd411
SHA512 ad4c5c48ba86e0ebe27f75db644d69b6ee3f0bc36090e014feaadfc58ebc75f40ca2cffc05b628146325ec374c624ef29c92e9d158cb000e967f8cbe955e5ae6

memory/2388-9-0x0000000000400000-0x0000000000849000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:08

Reported

2024-06-13 14:10

Platform

win10v2004-20240611-en

Max time kernel

93s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\376B.tmp

"C:\Users\Admin\AppData\Local\Temp\376B.tmp" --splashC:\Users\Admin\AppData\Local\Temp\827f2ccdc2fca458fa61f43186333460_NeikiAnalytics.exe 788D77C021F71BAA40425041F03B1E4092E30FF644EC306A378CDF3A0FEF9176EEE82822D5A40A2C76E8E377AE6A928F88CB05F808DC3555851B57F318144B35

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
BE 88.221.83.201:443 www.bing.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 201.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

memory/3936-0-0x0000000000400000-0x0000000000849000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\376B.tmp

MD5 d5051e8b609091ab37701556cb223f5b
SHA1 2859342a5fa2c7533e718a68fd0196512b7615b2
SHA256 53ad66fec2902d341d7f8fa7355f0ed97c837557d6b9b3ae0dccb82973919259
SHA512 975afe3d06950982cdb0a44bfb0b527389e7e35fc8f3f4c2358f006ee8ddf601e9331097fdb4cc22627c7c0c1ec713b06d2fcecde50ae11fb156ff75a49107ab

memory/3228-5-0x0000000000400000-0x0000000000849000-memory.dmp