Analysis Overview
SHA256
4e6f108a8aca040d8ff8a3fb47ee974e32c6fe3ca5f190ac3de06fda5b0f4f69
Threat Level: Likely benign
The file b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe was found to be: Likely benign.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-19 10:44
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 10:44
Reported
2024-06-19 10:46
Platform
win7-20240611-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Loads dropped DLL
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2176 wrote to memory of 3068 | N/A | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe |
| PID 2176 wrote to memory of 3068 | N/A | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe |
| PID 2176 wrote to memory of 3068 | N/A | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI21762\python38.dll
| MD5 | c0ed63bf515d04803906e1b703e9cb86 |
| SHA1 | 61f9a465d7a782aedfd5e2b1a9dc8bff6c103b5a |
| SHA256 | 24bfc999a733d4759ca40425610555f597b1d015f87ef5f84e15c665297247a4 |
| SHA512 | 78384c34cefc40cb86913dffdc6a360668467731a8a3678d5f8377d8ae63d244b45506b0b6e2498825b53abe8fd84d2b75b3e9fef3703fead90183ace433e70a |
C:\Users\Admin\AppData\Local\Temp\_MEI21762\VCRUNTIME140.dll
| MD5 | 6ba0dbcd2db8f44243799c891dbd2a59 |
| SHA1 | 30a2719d4b8667fd237bcfb781660901c993d9fc |
| SHA256 | 263988a0868053b6b01835cd2959c8f71e3f943610421b269da646f2d9e3b333 |
| SHA512 | 94dea85ef50d55cec0d1bbae4671386ce8ca02e870ce417abfef0a8499fdf0bd0eb5ba38debd07c213f7da39cbea63a18143484b05e9c7ca36b2f68e4520bb4d |
C:\Users\Admin\AppData\Local\Temp\_MEI21762\base_library.zip
| MD5 | f6acf8223a4130669a0f61f39016191a |
| SHA1 | b7e69e96fdb19a92454f491adf3646893e80f896 |
| SHA256 | bedaaa60d9e60b8b12c1698adc9c9aebe9516368d5fa34dd84283abccd111a31 |
| SHA512 | 6d2742d3f758640ec66db207aa957b03088352bbad2fe06b191b0d5073e44f5b9370c16a9279471a49b1918fdaa11c27af4a64da687b84fcdd1b69334b8efe02 |
C:\Users\Admin\AppData\Local\Temp\_MEI21762\_bz2.pyd
| MD5 | 6909da62abc73216883a89a60b66e73b |
| SHA1 | 015eb36344e5f3fe2df467bd47a04bded616b052 |
| SHA256 | 4c22e0d2786dd7e93f55e1f4a1c27d2e141a55682ed2c09b90320817fcf011f9 |
| SHA512 | eddabb51b6092b3c3e3b6968ea831a262f8f5f8a26b1c95badc616ca236d0928aa789334835130ec40137ffc623b5d2031a585e890162b489a26fd990845b63a |
C:\Users\Admin\AppData\Local\Temp\_MEI21762\_lzma.pyd
| MD5 | af8385e0cb374ae6caee59190175dd12 |
| SHA1 | a16d7d021ec3fa31fb1b2ce5929c2d3d4c96d6b8 |
| SHA256 | e414ee3efa6a4e1edf610dd780335ab9372cbe7919a73596bbb267b55ad23999 |
| SHA512 | 3e4e26bbcf14ebcb4faedb8982c46b3f5318c88dd395c668c50e4f5ddbfe6c1836eb49e49e855cc95934e8247e63df0f7543f66e4fe13335558fc21c0c566b5b |
C:\Users\Admin\AppData\Local\Temp\_MEI21762\win32api.pyd
| MD5 | 938235f10520de4169043b4eb20050c8 |
| SHA1 | 02ae94126f79f96feaa60c7bfbcffcc540a84892 |
| SHA256 | a27f2f515bd5b18725e412cfc0d9fa0fb35ad75c037a6d1a66ad891d032a5744 |
| SHA512 | cda79d6e9b0ee7d30ebdb969f56397d01cb43b59e8b86e8f0f04764a5aa6261c691a3bd713ac15ebdf760421588db4fdfcefc019e02cf2df1050c3b6b919baaa |
C:\Users\Admin\AppData\Local\Temp\_MEI21762\pywintypes38.dll
| MD5 | b6edd1f02eda832beaf5be3b87354667 |
| SHA1 | d7ee654a79a8b49adbce5bcdf31f1038004a7f46 |
| SHA256 | 95d8327ef84c8563e476c0f16d21e9a045d04a6987afd4260f97ccc856b08926 |
| SHA512 | fb99baa053504def4da425829501433cf5b9800707705e09e826eda4334d0481bf15ee05836e1c3fd6966970e02d883a173dd71031097ead38c33f6af0b94338 |
C:\Users\Admin\AppData\Local\Temp\_MEI21762\pythoncom38.dll
| MD5 | 05b45f17290a76568c61c0ffcb445b67 |
| SHA1 | c8f39f7d98a29a520f940dafc4d39f1ab0208b0a |
| SHA256 | 8056e931df9a8ba6a3d2def3033361be64a6f81eb5ebc99c3afa4484dfd0e8f3 |
| SHA512 | 80e6e9a7484d6d620a07eed2f8b0adc3190d85f05ae74ba8af111611ec6f394d70a08e8372a51b9dd4ead602c8895f46a91a99c1701e9234f06484d96d3238d7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 10:44
Reported
2024-06-19 10:46
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1208 wrote to memory of 4540 | N/A | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe |
| PID 1208 wrote to memory of 4540 | N/A | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI12082\python38.dll
| MD5 | c0ed63bf515d04803906e1b703e9cb86 |
| SHA1 | 61f9a465d7a782aedfd5e2b1a9dc8bff6c103b5a |
| SHA256 | 24bfc999a733d4759ca40425610555f597b1d015f87ef5f84e15c665297247a4 |
| SHA512 | 78384c34cefc40cb86913dffdc6a360668467731a8a3678d5f8377d8ae63d244b45506b0b6e2498825b53abe8fd84d2b75b3e9fef3703fead90183ace433e70a |
C:\Users\Admin\AppData\Local\Temp\_MEI12082\VCRUNTIME140.dll
| MD5 | 6ba0dbcd2db8f44243799c891dbd2a59 |
| SHA1 | 30a2719d4b8667fd237bcfb781660901c993d9fc |
| SHA256 | 263988a0868053b6b01835cd2959c8f71e3f943610421b269da646f2d9e3b333 |
| SHA512 | 94dea85ef50d55cec0d1bbae4671386ce8ca02e870ce417abfef0a8499fdf0bd0eb5ba38debd07c213f7da39cbea63a18143484b05e9c7ca36b2f68e4520bb4d |
C:\Users\Admin\AppData\Local\Temp\_MEI12082\base_library.zip
| MD5 | f6acf8223a4130669a0f61f39016191a |
| SHA1 | b7e69e96fdb19a92454f491adf3646893e80f896 |
| SHA256 | bedaaa60d9e60b8b12c1698adc9c9aebe9516368d5fa34dd84283abccd111a31 |
| SHA512 | 6d2742d3f758640ec66db207aa957b03088352bbad2fe06b191b0d5073e44f5b9370c16a9279471a49b1918fdaa11c27af4a64da687b84fcdd1b69334b8efe02 |
C:\Users\Admin\AppData\Local\Temp\_MEI12082\_bz2.pyd
| MD5 | 6909da62abc73216883a89a60b66e73b |
| SHA1 | 015eb36344e5f3fe2df467bd47a04bded616b052 |
| SHA256 | 4c22e0d2786dd7e93f55e1f4a1c27d2e141a55682ed2c09b90320817fcf011f9 |
| SHA512 | eddabb51b6092b3c3e3b6968ea831a262f8f5f8a26b1c95badc616ca236d0928aa789334835130ec40137ffc623b5d2031a585e890162b489a26fd990845b63a |
C:\Users\Admin\AppData\Local\Temp\_MEI12082\_lzma.pyd
| MD5 | af8385e0cb374ae6caee59190175dd12 |
| SHA1 | a16d7d021ec3fa31fb1b2ce5929c2d3d4c96d6b8 |
| SHA256 | e414ee3efa6a4e1edf610dd780335ab9372cbe7919a73596bbb267b55ad23999 |
| SHA512 | 3e4e26bbcf14ebcb4faedb8982c46b3f5318c88dd395c668c50e4f5ddbfe6c1836eb49e49e855cc95934e8247e63df0f7543f66e4fe13335558fc21c0c566b5b |
C:\Users\Admin\AppData\Local\Temp\_MEI12082\pywintypes38.dll
| MD5 | b6edd1f02eda832beaf5be3b87354667 |
| SHA1 | d7ee654a79a8b49adbce5bcdf31f1038004a7f46 |
| SHA256 | 95d8327ef84c8563e476c0f16d21e9a045d04a6987afd4260f97ccc856b08926 |
| SHA512 | fb99baa053504def4da425829501433cf5b9800707705e09e826eda4334d0481bf15ee05836e1c3fd6966970e02d883a173dd71031097ead38c33f6af0b94338 |
C:\Users\Admin\AppData\Local\Temp\_MEI12082\pythoncom38.dll
| MD5 | 05b45f17290a76568c61c0ffcb445b67 |
| SHA1 | c8f39f7d98a29a520f940dafc4d39f1ab0208b0a |
| SHA256 | 8056e931df9a8ba6a3d2def3033361be64a6f81eb5ebc99c3afa4484dfd0e8f3 |
| SHA512 | 80e6e9a7484d6d620a07eed2f8b0adc3190d85f05ae74ba8af111611ec6f394d70a08e8372a51b9dd4ead602c8895f46a91a99c1701e9234f06484d96d3238d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI12082\win32api.pyd
| MD5 | 938235f10520de4169043b4eb20050c8 |
| SHA1 | 02ae94126f79f96feaa60c7bfbcffcc540a84892 |
| SHA256 | a27f2f515bd5b18725e412cfc0d9fa0fb35ad75c037a6d1a66ad891d032a5744 |
| SHA512 | cda79d6e9b0ee7d30ebdb969f56397d01cb43b59e8b86e8f0f04764a5aa6261c691a3bd713ac15ebdf760421588db4fdfcefc019e02cf2df1050c3b6b919baaa |