Malware Analysis Report

2025-08-05 16:29

Sample ID 240614-bdybysyemg
Target 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe
SHA256 3c7045392623b0c3e59214eeb765f9b8f903d3dcd1662e865ff1afe67714e725
Tags
score
7/10

Analysis Overview

score
7/10

SHA256

3c7045392623b0c3e59214eeb765f9b8f903d3dcd1662e865ff1afe67714e725

Threat Level: Shows suspicious behavior

The file 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe was found to show suspicious behavior.

Malicious Activity Summary
Loads dropped DLL

Deletes itself

Executes dropped EXE

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:02

Signatures

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:02

Reported

2024-06-14 01:05

Platform

win7-20240611-en

Max time kernel

119s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\9F2C.tmp

"C:\Users\Admin\AppData\Local\Temp\9F2C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe F71C25DA582C3DD981A9F2869B556BAFFD913425CD15544A5466091A868E2F7D8F5B78B01ED373645AD30B4AA78E72AD2B1E72083525B2868E24D83B304EA904

Network

N/A

Files

memory/2912-0-0x0000000000400000-0x0000000000849000-memory.dmp

\Users\Admin\AppData\Local\Temp\9F2C.tmp

MD5 4bbab02fc85e193f5bba464ea365b269
SHA1 3f43047e42c9dc04c03bd6e826faaced10909612
SHA256 69c61fb36b80d68bcac1ecd0ee4d6c195ef2b81eeed729d681d17574a57f90b0
SHA512 14966b8017369f333f43d5fb0b83c282d253cf1fdf7931280a4470a8a33faa93d4c7633b999699aa7a842a2dfbac310dd3cad615d72e413e9171dd600bc87adf

memory/2068-9-0x0000000000400000-0x0000000000849000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:02

Reported

2024-06-14 01:04

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\3875.tmp

"C:\Users\Admin\AppData\Local\Temp\3875.tmp" --splashC:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe 8D6178E600E88BE418EE37A2B785583042347FCB45BE59D1D1A09C8F2C608AF2421F2FB447E45EC90F9ED6288DA32CF344232E912CBCCEFFF4F01A598A7EF3B7

Network

Country  Destination          Domain                        Proto
US       8.8.8.8:53           8.8.8.8.in-addr.arpa          udp
US       8.8.8.8:53           g.bing.com                    udp
US       204.79.197.237:443   g.bing.com                    tcp
US       8.8.8.8:53           73.31.126.40.in-addr.arpa     udp
US       8.8.8.8:53           172.210.232.199.in-addr.arpa  udp
NL       23.62.61.194:443     www.bing.com                  tcp
US       8.8.8.8:53           194.61.62.23.in-addr.arpa     udp
US       8.8.8.8:53           157.123.68.40.in-addr.arpa    udp
US       8.8.8.8:53           56.126.166.20.in-addr.arpa    udp
US       8.8.8.8:53           23.236.111.52.in-addr.arpa    udp
US       8.8.8.8:53           56.126.166.20.in-addr.arpa    udp
US       8.8.8.8:53           2.36.159.162.in-addr.arpa     udp
US       8.8.8.8:53           183.59.114.20.in-addr.arpa    udp
US       8.8.8.8:53                                         udp

Files

memory/548-0-0x0000000000400000-0x0000000000849000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3875.tmp

MD5 44526fd6d204fefdbe9c568e76185f29
SHA1 7de3b62778d0ee332c12c1e058baf55e001b5176
SHA256 fe64e66b0f25b646f1bab3802d9e18e9da42a7b54a610f9115ff54681f38c055
SHA512 c4bcbe884334eba4e94f2f65d8c38de1341d4c8e1a750c27384a8f32d9e12a07debb57b04ef825ad3bf4dad4aa72c9dab9c43dc59f1b7b72d25f05854d44f193

memory/2536-5-0x0000000000400000-0x0000000000849000-memory.dmp