Overview

overview

9

Static

static

3

82e79b09a6...cs.exe

windows7-x64

9

82e79b09a6...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 05:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82e79b09a6cecca253a51635238fb3b0_NeikiAnalytics.exe

  • Size

    92KB

  • MD5

    82e79b09a6cecca253a51635238fb3b0

  • SHA1

    a85ce551f01f3cbf9e7bcbb5ab11ffc2af14b424

  • SHA256

    2c7fb5dfb9846b7da82d9bbab74ce56d77e739576be42490b0d9d99bffcc1a86

  • SHA512

    2b6faccf8716496ca059bb7fba749fb744a96f1f64ffa55bec5fa5eabf8f4b9b6b8f8e98f3bcc853b452ad06efdf757ee5d657484c997654097f9d98a065dc7a

  • SSDEEP

    1536:W7ZDpApYbWjCDOwr0ARZF6NFVogjQlRv/Lq:6DWpeDOBwUhQ7XO

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (3530) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82e79b09a6cecca253a51635238fb3b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\82e79b09a6cecca253a51635238fb3b0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Users\Admin\AppData\Local\Temp\_checksum.exe
      "_checksum.exe"
      2⤵
      • Executes dropped EXE
      PID:3044
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
    Filesize

    57KB

    MD5

    2ebd044382d911878effb565fbf1506d

    SHA1

    226344efaab9282221b58f795fb46090c652bbfd

    SHA256

    afcf9eb1b7fda13430367bf50b9cbfe725903b1266feda0d7ba92e5e474a99c2

    SHA512

    00be0ad056502a6fce4c763b0f9506f45d0aabeac756aa09980ab58ab39afc58fd4f103317bdcdd39727c915f1b0d8690dcf0d387bb30b9476bf1ac5effcea37

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_checksum.exe
    Filesize

    35KB

    MD5

    23f049f14ca0e68af4b9883514791dfe

    SHA1

    1224ecfda221e54d4536a4ac102a56235320ee25

    SHA256

    9562aabe1f71d7ff5ec879fd2fb5cfe4be2c8f62a7fa5a1aa49660c3a495f1fb

    SHA512

    ce91cd089a299ba88f047cf15fd06673389942dabbf8be5bf2e2666e1048bc6da261ce30cae1e2ecb3b50392441a335bf97cc4ed51540554bedabe65590be677

    Download Submit

  • \Windows\SysWOW64\Zombie.exe
    Filesize

    56KB

    MD5

    422ffd6d973cb221569512f8a86271ea

    SHA1

    7557de07f388720dfc713900c35bf71470208df4

    SHA256

    42d9af2aef554c334d1f361a5d2843f80a435cbddd51682f26a3b9cc14657bd6

    SHA512

    f08fe1e4627488ff45388289de1634386b21fd39ceacb93668a1aff54fa074d5ba383eb1c1133f21965d866e0c6f27cd8a91210537b6357495dd9e1eec845e13

    Download Submit

  • memory/3044-19-0x000007FEF5C43000-0x000007FEF5C44000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3044-22-0x0000000000CB0000-0x0000000000CBE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3044-27-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3044-654-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

    Filesize

    9.9MB

    Download