Overview

overview

9

Static

static

7

96cbaa0576...cs.exe

windows7-x64

9

96cbaa0576...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 06:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    96cbaa057618beee86f48cb6d255ca90_NeikiAnalytics.exe

  • Size

    128KB

  • MD5

    96cbaa057618beee86f48cb6d255ca90

  • SHA1

    90f48cf24ec74bc4af6264aa032b46671be579d0

  • SHA256

    a1666602cd3e0c6e4bd8e32e7563b73c8729622416f30bd1c20f7c1f8b55b972

  • SHA512

    1820053625b9ae3ebfb2d52a9e688140302c21b849be1f51f07bc057c7a588ef3f1ce14987942399f6b20482b27030650d6b12a68d0ccb65a993ee039ae6b6dc

  • SSDEEP

    3072:+nymCAIuZAIuYSMjoqtMHfhf5SGfFpsJOfFpsJl:JmCAIuZAIuDMVtM/XSd

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4877) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96cbaa057618beee86f48cb6d255ca90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\96cbaa057618beee86f48cb6d255ca90_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:452

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
          Filesize

          128KB

          MD5

          05527a3deace651c6f2eb7df5f138951

          SHA1

          36d787115a37479c103edd4be84d72b60a06d26a

          SHA256

          7fe79714ce448e2891b75bef0b5b37ae7476d8418a03a88fc8f1f5fc01b54407

          SHA512

          da3a202760fe01a91b9d973fa326c8aaacff8de8b1077dd467e6464426b31334330f39e8974abe54894e5f58a707eb686986c52463bfe97117184f59fe8e3409

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          227KB

          MD5

          e278da15a97e3963e48e2ebbc86046f5

          SHA1

          c6fb210047b016168711ed38261dac69b954c419

          SHA256

          04ec5039f869c471907cc210820207fa25a4251ecf9095ea7e6c51a7f24052d0

          SHA512

          4aad10c2ce04ea6f2a957841fcf8f38ba27890614133c7b3a3cdd98e037a7947c86ff9140253c1957c3dec465bdcb8e21c7960bd835a815d590b894fd3f15c2c

          Download Submit

        • memory/452-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/452-1786-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download