Analysis Overview
SHA256
3c7045392623b0c3e59214eeb765f9b8f903d3dcd1662e865ff1afe67714e725
Threat Level: Shows suspicious behavior
The file 957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe was assigned the threat level: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Deletes itself
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:02
Reported
2024-06-14 01:05
Platform
win7-20240611-en
Max time kernel
119s
Max time network
126s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9F2C.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9F2C.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2912 wrote to memory of 2068 | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\9F2C.tmp |
| PID 2912 wrote to memory of 2068 | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\9F2C.tmp |
| PID 2912 wrote to memory of 2068 | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\9F2C.tmp |
| PID 2912 wrote to memory of 2068 | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\9F2C.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\9F2C.tmp
"C:\Users\Admin\AppData\Local\Temp\9F2C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe F71C25DA582C3DD981A9F2869B556BAFFD913425CD15544A5466091A868E2F7D8F5B78B01ED373645AD30B4AA78E72AD2B1E72083525B2868E24D83B304EA904
Network
Files
memory/2912-0-0x0000000000400000-0x0000000000849000-memory.dmp
\Users\Admin\AppData\Local\Temp\9F2C.tmp
| MD5 | 4bbab02fc85e193f5bba464ea365b269 |
| SHA1 | 3f43047e42c9dc04c03bd6e826faaced10909612 |
| SHA256 | 69c61fb36b80d68bcac1ecd0ee4d6c195ef2b81eeed729d681d17574a57f90b0 |
| SHA512 | 14966b8017369f333f43d5fb0b83c282d253cf1fdf7931280a4470a8a33faa93d4c7633b999699aa7a842a2dfbac310dd3cad615d72e413e9171dd600bc87adf |
memory/2068-9-0x0000000000400000-0x0000000000849000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 01:02
Reported
2024-06-14 01:04
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3875.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3875.tmp | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 548 wrote to memory of 2536 | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\3875.tmp |
| PID 548 wrote to memory of 2536 | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\3875.tmp |
| PID 548 wrote to memory of 2536 | N/A | C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\3875.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\3875.tmp
"C:\Users\Admin\AppData\Local\Temp\3875.tmp" --splashC:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe 8D6178E600E88BE418EE37A2B785583042347FCB45BE59D1D1A09C8F2C608AF2421F2FB447E45EC90F9ED6288DA32CF344232E912CBCCEFFF4F01A598A7EF3B7
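The signatures and process trees of behavioral1 and behavioral2 both record the same chain: the sample writes a .tmp executable into the user's Temp directory, launches it with its own path on the command line (the --splash argument), writes into the child's memory, and the sample's on-disk image is then deleted. The script below is an added example, not part of the sandbox report, that turns that chain into detection logic and replays it over a constructed, Sysmon-style event list. PIDs and paths are taken from the behavioral2 tables; the event field names, their order, the parent PID 1234, the granted-access mask and the benign comparison case are assumptions made for the example.

```python
"""Detection logic for the dropper chain recorded above (added example).

Not part of the sandbox report: replays a constructed, Sysmon-style event
list modelled on the behavioral2 process tree and flags the chain
dropper -> drops .tmp in %TEMP% -> executes it -> writes its memory ->
dropper image deleted.
"""
import re
from collections import defaultdict

TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
PROCESS_VM_WRITE = 0x0020   # access right WriteProcessMemory needs on the target handle

# Paths, PIDs and the command-line token come from the behavioral2 tables.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\957ff1d3134c41958de1abbdd2bdcd00_NeikiAnalytics.exe"
PAYLOAD = r"C:\Users\Admin\AppData\Local\Temp\3875.tmp"
TOKEN = ("8D6178E600E88BE418EE37A2B785583042347FCB45BE59D1D1A09C8F2C608AF2"
         "421F2FB447E45EC90F9ED6288DA32CF344232E912CBCCEFFF4F01A598A7EF3B7")

# Constructed event log. Field names, event order, the parent PID 1234 and the
# access mask (PROCESS_ALL_ACCESS) are assumptions made for this example.
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "pid": 548, "ppid": 1234, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"event": "FileCreate", "pid": 548, "target": PAYLOAD},
    {"event": "ProcessCreate", "pid": 2536, "ppid": 548, "image": PAYLOAD,
     "cmdline": f'"{PAYLOAD}" --splash{SAMPLE} {TOKEN}'},
    {"event": "ProcessAccess", "pid": 548, "target_pid": 2536, "access": 0x1FFFFF},
    {"event": "FileDelete", "pid": 2536, "target": SAMPLE},
]

# Constructed negative case: an updater that drops and runs a .tmp helper but
# neither writes into it nor removes its own image.
BENIGN_EVENTS = [
    {"event": "ProcessCreate", "pid": 700, "ppid": 1234,
     "image": r"C:\Program Files\App\update.exe", "cmdline": "update.exe"},
    {"event": "FileCreate", "pid": 700, "target": r"C:\Users\Admin\AppData\Local\Temp\helper.tmp"},
    {"event": "ProcessCreate", "pid": 701, "ppid": 700,
     "image": r"C:\Users\Admin\AppData\Local\Temp\helper.tmp", "cmdline": "helper.tmp /quiet"},
]

# Signals that must all be present before a pair is called a dropper chain.
REQUIRED = {"executes_dropped_exe", "parent_writes_child_memory", "dropper_deleted"}


def detect_dropper_chain(events):
    """Return one finding per (parent, child) pair where the child image is a
    file the parent itself wrote; 'stages' lists every matched signal."""
    procs = {}                   # pid -> ProcessCreate event
    dropped = defaultdict(set)   # pid -> lower-cased paths that process created
    mem_writes = set()           # (writer pid, target pid) granted VM_WRITE
    deleted = set()              # lower-cased paths removed from disk
    for ev in events:
        kind = ev["event"]
        if kind == "ProcessCreate":
            procs[ev["pid"]] = ev
        elif kind == "FileCreate":
            dropped[ev["pid"]].add(ev["target"].lower())
        elif kind == "ProcessAccess" and ev["access"] & PROCESS_VM_WRITE:
            mem_writes.add((ev["pid"], ev["target_pid"]))
        elif kind == "FileDelete":
            deleted.add(ev["target"].lower())

    findings = []
    for pid, child in procs.items():
        parent = procs.get(child["ppid"])
        if parent is None or child["image"].lower() not in dropped[parent["pid"]]:
            continue             # child is not something its parent wrote to disk
        stages = ["executes_dropped_exe"]
        if TEMP_DIR_RE.search(child["image"]):
            stages.append("payload_in_temp")
        if (parent["pid"], pid) in mem_writes:
            stages.append("parent_writes_child_memory")
        if parent["image"].lower() in child.get("cmdline", "").lower():
            stages.append("child_cmdline_names_parent")   # the --splash<path> argument
        if parent["image"].lower() in deleted:
            stages.append("dropper_deleted")
        findings.append({
            "dropper_pid": parent["pid"], "payload_pid": pid, "payload": child["image"],
            "stages": stages,
            "verdict": "dropper-chain" if REQUIRED <= set(stages) else "review",
        })
    return findings


if __name__ == "__main__":
    for name, evs in (("sample", SAMPLE_EVENTS), ("benign", BENIGN_EVENTS)):
        for f in detect_dropper_chain(evs):
            print(name, f["verdict"], f["dropper_pid"], "->", f["payload_pid"], f["stages"])
```

The verdict deliberately requires the memory write and the deletion of the dropper's image on top of "executes dropped EXE": installers and updaters routinely drop and run helpers from Temp, so that signal alone only earns a "review" verdict, as the benign case shows. When wiring this to real Sysmon data, the ProcessAccess GrantedAccess field arrives as a hex string and must be parsed before the mask test.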
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
memory/548-0-0x0000000000400000-0x0000000000849000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3875.tmp
| MD5 | 44526fd6d204fefdbe9c568e76185f29 |
| SHA1 | 7de3b62778d0ee332c12c1e058baf55e001b5176 |
| SHA256 | fe64e66b0f25b646f1bab3802d9e18e9da42a7b54a610f9115ff54681f38c055 |
| SHA512 | c4bcbe884334eba4e94f2f65d8c38de1341d4c8e1a750c27384a8f32d9e12a07debb57b04ef825ad3bf4dad4aa72c9dab9c43dc59f1b7b72d25f05854d44f193 |
memory/2536-5-0x0000000000400000-0x0000000000849000-memory.dmp