Analysis

  • max time kernel
    152s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/05/2024, 07:27

General

  • Target

    a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe

  • Size

    134KB

  • MD5

    a0be7c5ea79ccd7e1f3735b89dcb27a0

  • SHA1

    e552cf500f996de529ac9a7a73824fa7709fa583

  • SHA256

    6a42c385897dfba48eed3eebdc1c0a3595290ea344b02c12ebcdfb324e6f523c

  • SHA512

    0103b749f2f88fbcb7747bfafc647fd3a0bfe58c5177b2e625b8995a67c27e737948959dfff95e3ac383bbc06110f042b103d1460b375bf8966b15244f9bccdf

  • SSDEEP

    1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCj:+nymCAIuZAIuYSMjoqtMHfhfC

Score
9/10

Malware Config

Signatures

  • Renames multiple (976) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4752
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3808 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3696

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

    Filesize
    135KB

    MD5
    68b02efd7568bff68e916ae72e25325d

    SHA1
    c12333f4335530c91d56269e6f207a7f6fe99dc6

    SHA256
    9cf0bd5b73b158de613074e27f68326a323f830fa10458807f11e761c3d1c435

    SHA512
    a97251fbd29ccaf3311cc069c4ee0623a43dc860d3945ef5922ecb6bb0791ca6f7cb2eeb9cf8ee0e9ed1eacbfa174c7c439d1efac5e9356099f8a2f7200c1fb7

  • C:\libsmartscreen.dll.tmp

    Filesize
    134KB

    MD5
    b531758d0d57edd09cc8ec8daea20e78

    SHA1
    a799c33dbbeafa1a24a9fd5e9ecad4d729e5074c

    SHA256
    0e12d1d3a4cd0403ed0f80252257e8dd1d5e260ee875caae3a6fd030a9236c74

    SHA512
    f318a1f0efdcce7abd2087d7aaa6643a7444883ef068d80dd1c6b61ddd6594266737e1479e696c42ad382403bd56377ae831c5058fb6e907f65b868b5cc10f1c

  • memory/4752-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB

  • memory/4752-306-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB