Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    10-05-2024 15:13

General

  • Target

    0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe

  • Size

    202KB

  • MD5

    0c2b38b49ed1af31dcb2ec264ba5a100

  • SHA1

    123478781f0360c304f8d1aac23430929cb42456

  • SHA256

    707d665e3acfdbb5a925cb739b4bfc59ed79e12291f33721dac3100899cfc12f

  • SHA512

    6782f0a53535a40384d02b132b7f1c1de47be3b0c33fc4de5c6070c8245ff351af8bcba3b03eccb45a70ef4fdd7476b10edf23ae08fd7574f4e1272e4df0a500

  • SSDEEP

    3072:enaym3AIuZAIuYSMjoqtMHfhfmLIwuyKhr1nOL:wHm3AIuZAIuDMVtM/sLIwuyKhr1nOL

Score
9/10

Malware Config

Signatures

  • Renames multiple (1160) files with added filename extension

    Renaming a large number of files by appending a new extension, across many directories, is the pattern ransomware leaves when it encrypts files in place and marks each one with its own suffix.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
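The rename heuristic behind the first signature, as an added example that is not part of this report or of the sandbox's own signature code: rename events are grouped per process, only those where the destination is the source name plus exactly one extra suffix in the same directory are counted, and a process that crosses a threshold is flagged together with the extensions it appended. The event sample, the PIDs in it and the threshold of 100 are constructed for illustration; the page does not state the sandbox's real cut-off.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample of file-rename events, not taken from the report: each tuple is
# (pid, source_path, destination_path) as a file-system monitor would log them.
# PID 1348 mimics the mass rename-with-added-extension pattern; the others are benign.
SAMPLE_EVENTS = [
    (1348, rf"C:\Users\Admin\Documents\file{i}.docx", rf"C:\Users\Admin\Documents\file{i}.docx.tmp")
    for i in range(120)
] + [
    # extension replaced, not appended: a finished download being renamed
    (3288, r"C:\Users\Admin\AppData\Local\Temp\download.tmp", r"C:\Users\Admin\AppData\Local\Temp\download.exe"),
    # plain rename within the same folder
    (4000, r"C:\Users\Admin\Pictures\a.png", r"C:\Users\Admin\Pictures\b.png"),
    # one backup copy: matches the pattern but stays far below the threshold
    (4000, r"C:\Users\Admin\Pictures\c.png", r"C:\Users\Admin\Pictures\c.png.bak"),
]


def added_extension(src: str, dst: str):
    """Return the appended extension (e.g. ".tmp") when dst is src with exactly one
    extra suffix added in the same directory, otherwise None."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if d.parent != s.parent or not d.name.startswith(s.name):
        return None
    tail = d.name[len(s.name):]
    if len(tail) > 1 and tail[0] == "." and "." not in tail[1:]:
        return tail.lower()
    return None


def score_renames(events, threshold=100):
    """Group qualifying renames per PID and return those at or above the threshold.
    The threshold is an assumed value; the sandbox's own cut-off is not published."""
    per_pid = defaultdict(lambda: {"count": 0, "extensions": set()})
    for pid, src, dst in events:
        ext = added_extension(src, dst)
        if ext is not None:
            per_pid[pid]["count"] += 1
            per_pid[pid]["extensions"].add(ext)
    return {pid: stats for pid, stats in per_pid.items() if stats["count"] >= threshold}


if __name__ == "__main__":
    for pid, stats in score_renames(SAMPLE_EVENTS).items():
        exts = ", ".join(sorted(stats["extensions"]))
        print(f"PID {pid}: renamed {stats['count']} files with added extension ({exts})")
```

Keeping the set of appended extensions per process matters in practice: a single extension across hundreds of files is the ransomware shape, while a process appending many different suffixes is more likely an archiver or a backup tool.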

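The UPX signature, as an added example that is not the sandbox's own detector: it parses the PE section table and looks for the section names the stock UPX stub uses, and falls back to the "UPX!" packer magic for modified builds that rename their sections. The checked names and the magic string are the ones stock UPX is known to write; build_pe and the images it produces are constructed, headers-only test input and not the sample from this report.

```python
import struct

# Section names the stock UPX PE stub uses; a modified UPX build may rename them,
# so the raw "UPX!" magic the packer leaves in the file is checked as well.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data: bytes) -> list:
    """Walk the MZ -> PE -> COFF -> section table chain and return the section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i : table + 40 * i + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when either the section table or the packer magic points at UPX."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data)) or b"UPX!" in data


def build_pe(section_names, extra=b"") -> bytes:
    """Constructed minimal PE image (headers only), used as offline test input."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    optional = b"\0" * 0xE0                                           # PE32 optional header, zeroed
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    return dos + b"PE\0\0" + coff + optional + sections + extra


if __name__ == "__main__":
    for label, image in (("stock UPX layout", build_pe(["UPX0", "UPX1", ".rsrc"])),
                         ("renamed sections, magic left in", build_pe([".text", ".data"], b"UPX!")),
                         ("plain binary", build_pe([".text", ".data", ".rsrc"]))):
        print(f"{label}: sections={pe_section_names(image)} upx={looks_upx_packed(image)}")
```

Neither indicator is proof on its own: section names and the magic string are trivially patched out, and a hit only tells you the file is packed, not what it unpacks to. Treat it as a reason to unpack or to run the sample, which is what the report's 44KB memory dump at 0x400000 reflects.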
Processes

  • C:\Users\Admin\AppData\Local\Temp\0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1348
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3368 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3288

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

    Filesize

    203KB

    MD5

    6eb15e224cefb131910fd5b721429031

    SHA1

    586b6cff417df50e41fe03f5cdb57797a7866620

    SHA256

    14a55b4d67ee44921cc0b568c59135af49a4ec70dcddde5bed4c3a4a0b3d279d

    SHA512

    1f3138856b7c03be67a528b6f0aab594e6364dc26a57ba555a2ffb6c1e99ffde6016266245f0d26a171cf093ac0a3ecd4e615c4b4c1ef9d48aff0faa60057870

  • C:\libsmartscreen.dll.tmp

    Filesize

    202KB

    MD5

    46fef9f0bfead2fb2a0be81cbb3c9bd2

    SHA1

    60d666ead062c7a4194778cfe1d646de62503c47

    SHA256

    9e2235c3a658d331be827be9f893b20e903984d6b94303bb0a3adb22246b2e6f

    SHA512

    aa7a166422ea8c96b489eb159d424ab832cc0b2d94c2624c4f49fdb166455b278fa3590cde64ac2ef9ae64519c2ee9f7b442c356ec0d3db6c1fbd6ac65f8cb04

  • memory/1348-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1348-426-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB