Analysis Overview
SHA256: 6cb8b68ee6a31233c2bba4bac31cfb382caa4ab65fc83b70a2b84a89e48a62a2
Threat Level: Shows suspicious behavior
The file 049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-14 11:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-14 11:00
Reported: 2024-06-14 11:03
Platform: win10v2004-20240611-en
Max time kernel: 131s
Max time network: 147s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e573345\QQPCDownload.dll
C:\ProgramData\Tencent\DeskUpdate\Guid.db
C:\ProgramData\Tencent\DeskUpdate\GuidInfo.db
C:\ProgramData\Tencent\DeskUpdate\GuidList.db
C:\Users\Admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db
C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e573345\beacon_sdk.dll
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-14 11:00
Reported: 2024-06-14 11:03
Platform: win11-20240611-en
Max time kernel: 146s
Max time network: 150s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\049264b4bf5eb0b7ea8fe9c113be6d90_NeikiAnalytics.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e57378b\QQPCDownload.dll
C:\ProgramData\Tencent\DeskUpdate\Guid.db
C:\ProgramData\Tencent\DeskUpdate\GuidInfo.db
C:\Users\Admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db
C:\ProgramData\Tencent\DeskUpdate\GuidReport.dat
C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e57378b\beacon_sdk.dll