Malware Analysis Report

2024-11-15 07:46

Sample ID: 240619-msx6aatbmq
Target: b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe
SHA256: 4e6f108a8aca040d8ff8a3fb47ee974e32c6fe3ca5f190ac3de06fda5b0f4f69
Tags: pyinstaller
Score: 4/10


Analysis Overview

Score: 4/10

SHA256: 4e6f108a8aca040d8ff8a3fb47ee974e32c6fe3ca5f190ac3de06fda5b0f4f69

Threat Level: Likely benign

The file b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe was found to be: Likely benign.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-19 10:44

Signatures

Detects Pyinstaller (tag: pyinstaller)

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-19 10:44
Reported: 2024-06-19 10:46
Platform: win7-20240611-en
Max time kernel: 118s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21762\python38.dll

MD5 c0ed63bf515d04803906e1b703e9cb86
SHA1 61f9a465d7a782aedfd5e2b1a9dc8bff6c103b5a
SHA256 24bfc999a733d4759ca40425610555f597b1d015f87ef5f84e15c665297247a4
SHA512 78384c34cefc40cb86913dffdc6a360668467731a8a3678d5f8377d8ae63d244b45506b0b6e2498825b53abe8fd84d2b75b3e9fef3703fead90183ace433e70a

C:\Users\Admin\AppData\Local\Temp\_MEI21762\VCRUNTIME140.dll

MD5 6ba0dbcd2db8f44243799c891dbd2a59
SHA1 30a2719d4b8667fd237bcfb781660901c993d9fc
SHA256 263988a0868053b6b01835cd2959c8f71e3f943610421b269da646f2d9e3b333
SHA512 94dea85ef50d55cec0d1bbae4671386ce8ca02e870ce417abfef0a8499fdf0bd0eb5ba38debd07c213f7da39cbea63a18143484b05e9c7ca36b2f68e4520bb4d

C:\Users\Admin\AppData\Local\Temp\_MEI21762\base_library.zip

MD5 f6acf8223a4130669a0f61f39016191a
SHA1 b7e69e96fdb19a92454f491adf3646893e80f896
SHA256 bedaaa60d9e60b8b12c1698adc9c9aebe9516368d5fa34dd84283abccd111a31
SHA512 6d2742d3f758640ec66db207aa957b03088352bbad2fe06b191b0d5073e44f5b9370c16a9279471a49b1918fdaa11c27af4a64da687b84fcdd1b69334b8efe02

C:\Users\Admin\AppData\Local\Temp\_MEI21762\_bz2.pyd

MD5 6909da62abc73216883a89a60b66e73b
SHA1 015eb36344e5f3fe2df467bd47a04bded616b052
SHA256 4c22e0d2786dd7e93f55e1f4a1c27d2e141a55682ed2c09b90320817fcf011f9
SHA512 eddabb51b6092b3c3e3b6968ea831a262f8f5f8a26b1c95badc616ca236d0928aa789334835130ec40137ffc623b5d2031a585e890162b489a26fd990845b63a

C:\Users\Admin\AppData\Local\Temp\_MEI21762\_lzma.pyd

MD5 af8385e0cb374ae6caee59190175dd12
SHA1 a16d7d021ec3fa31fb1b2ce5929c2d3d4c96d6b8
SHA256 e414ee3efa6a4e1edf610dd780335ab9372cbe7919a73596bbb267b55ad23999
SHA512 3e4e26bbcf14ebcb4faedb8982c46b3f5318c88dd395c668c50e4f5ddbfe6c1836eb49e49e855cc95934e8247e63df0f7543f66e4fe13335558fc21c0c566b5b

C:\Users\Admin\AppData\Local\Temp\_MEI21762\win32api.pyd

MD5 938235f10520de4169043b4eb20050c8
SHA1 02ae94126f79f96feaa60c7bfbcffcc540a84892
SHA256 a27f2f515bd5b18725e412cfc0d9fa0fb35ad75c037a6d1a66ad891d032a5744
SHA512 cda79d6e9b0ee7d30ebdb969f56397d01cb43b59e8b86e8f0f04764a5aa6261c691a3bd713ac15ebdf760421588db4fdfcefc019e02cf2df1050c3b6b919baaa

C:\Users\Admin\AppData\Local\Temp\_MEI21762\pywintypes38.dll

MD5 b6edd1f02eda832beaf5be3b87354667
SHA1 d7ee654a79a8b49adbce5bcdf31f1038004a7f46
SHA256 95d8327ef84c8563e476c0f16d21e9a045d04a6987afd4260f97ccc856b08926
SHA512 fb99baa053504def4da425829501433cf5b9800707705e09e826eda4334d0481bf15ee05836e1c3fd6966970e02d883a173dd71031097ead38c33f6af0b94338

C:\Users\Admin\AppData\Local\Temp\_MEI21762\pythoncom38.dll

MD5 05b45f17290a76568c61c0ffcb445b67
SHA1 c8f39f7d98a29a520f940dafc4d39f1ab0208b0a
SHA256 8056e931df9a8ba6a3d2def3033361be64a6f81eb5ebc99c3afa4484dfd0e8f3
SHA512 80e6e9a7484d6d620a07eed2f8b0adc3190d85f05ae74ba8af111611ec6f394d70a08e8372a51b9dd4ead602c8895f46a91a99c1701e9234f06484d96d3238d7

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-19 10:44
Reported: 2024-06-19 10:46
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\b5b79a957a2c0dfaf41e6d1460350770_NeikiAnalytics.exe"

Network

Country   Destination   Domain                          Proto
US        8.8.8.8:53    13.86.106.20.in-addr.arpa       udp
US        8.8.8.8:53    240.221.184.93.in-addr.arpa     udp
US        8.8.8.8:53    72.32.126.40.in-addr.arpa       udp
US        8.8.8.8:53    28.118.140.52.in-addr.arpa      udp
US        8.8.8.8:53    86.23.85.13.in-addr.arpa        udp
US        8.8.8.8:53    171.39.242.20.in-addr.arpa      udp
US        8.8.8.8:53    35.15.31.184.in-addr.arpa       udp
US        8.8.8.8:53    21.236.111.52.in-addr.arpa      udp
US        8.8.8.8:53    10.173.189.20.in-addr.arpa      udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI12082\python38.dll

MD5 c0ed63bf515d04803906e1b703e9cb86
SHA1 61f9a465d7a782aedfd5e2b1a9dc8bff6c103b5a
SHA256 24bfc999a733d4759ca40425610555f597b1d015f87ef5f84e15c665297247a4
SHA512 78384c34cefc40cb86913dffdc6a360668467731a8a3678d5f8377d8ae63d244b45506b0b6e2498825b53abe8fd84d2b75b3e9fef3703fead90183ace433e70a

C:\Users\Admin\AppData\Local\Temp\_MEI12082\VCRUNTIME140.dll

MD5 6ba0dbcd2db8f44243799c891dbd2a59
SHA1 30a2719d4b8667fd237bcfb781660901c993d9fc
SHA256 263988a0868053b6b01835cd2959c8f71e3f943610421b269da646f2d9e3b333
SHA512 94dea85ef50d55cec0d1bbae4671386ce8ca02e870ce417abfef0a8499fdf0bd0eb5ba38debd07c213f7da39cbea63a18143484b05e9c7ca36b2f68e4520bb4d

C:\Users\Admin\AppData\Local\Temp\_MEI12082\base_library.zip

MD5 f6acf8223a4130669a0f61f39016191a
SHA1 b7e69e96fdb19a92454f491adf3646893e80f896
SHA256 bedaaa60d9e60b8b12c1698adc9c9aebe9516368d5fa34dd84283abccd111a31
SHA512 6d2742d3f758640ec66db207aa957b03088352bbad2fe06b191b0d5073e44f5b9370c16a9279471a49b1918fdaa11c27af4a64da687b84fcdd1b69334b8efe02

C:\Users\Admin\AppData\Local\Temp\_MEI12082\_bz2.pyd

MD5 6909da62abc73216883a89a60b66e73b
SHA1 015eb36344e5f3fe2df467bd47a04bded616b052
SHA256 4c22e0d2786dd7e93f55e1f4a1c27d2e141a55682ed2c09b90320817fcf011f9
SHA512 eddabb51b6092b3c3e3b6968ea831a262f8f5f8a26b1c95badc616ca236d0928aa789334835130ec40137ffc623b5d2031a585e890162b489a26fd990845b63a

C:\Users\Admin\AppData\Local\Temp\_MEI12082\_lzma.pyd

MD5 af8385e0cb374ae6caee59190175dd12
SHA1 a16d7d021ec3fa31fb1b2ce5929c2d3d4c96d6b8
SHA256 e414ee3efa6a4e1edf610dd780335ab9372cbe7919a73596bbb267b55ad23999
SHA512 3e4e26bbcf14ebcb4faedb8982c46b3f5318c88dd395c668c50e4f5ddbfe6c1836eb49e49e855cc95934e8247e63df0f7543f66e4fe13335558fc21c0c566b5b

C:\Users\Admin\AppData\Local\Temp\_MEI12082\pywintypes38.dll

MD5 b6edd1f02eda832beaf5be3b87354667
SHA1 d7ee654a79a8b49adbce5bcdf31f1038004a7f46
SHA256 95d8327ef84c8563e476c0f16d21e9a045d04a6987afd4260f97ccc856b08926
SHA512 fb99baa053504def4da425829501433cf5b9800707705e09e826eda4334d0481bf15ee05836e1c3fd6966970e02d883a173dd71031097ead38c33f6af0b94338

C:\Users\Admin\AppData\Local\Temp\_MEI12082\pythoncom38.dll

MD5 05b45f17290a76568c61c0ffcb445b67
SHA1 c8f39f7d98a29a520f940dafc4d39f1ab0208b0a
SHA256 8056e931df9a8ba6a3d2def3033361be64a6f81eb5ebc99c3afa4484dfd0e8f3
SHA512 80e6e9a7484d6d620a07eed2f8b0adc3190d85f05ae74ba8af111611ec6f394d70a08e8372a51b9dd4ead602c8895f46a91a99c1701e9234f06484d96d3238d7

C:\Users\Admin\AppData\Local\Temp\_MEI12082\win32api.pyd

MD5 938235f10520de4169043b4eb20050c8
SHA1 02ae94126f79f96feaa60c7bfbcffcc540a84892
SHA256 a27f2f515bd5b18725e412cfc0d9fa0fb35ad75c037a6d1a66ad891d032a5744
SHA512 cda79d6e9b0ee7d30ebdb969f56397d01cb43b59e8b86e8f0f04764a5aa6261c691a3bd713ac15ebdf760421588db4fdfcefc019e02cf2df1050c3b6b919baaa