General

  • Target

    20bb62206ecbc9eba55df9623c1fe8c0_NeikiAnalytics

  • Size

    165KB

  • Sample

    240510-tzkl4aaa57

  • MD5

    20bb62206ecbc9eba55df9623c1fe8c0

  • SHA1

    ac28f27dd28232131ef996fd760c5c910797fe80

  • SHA256

    85b0a79907361fa8863e3803703987b9dfe8a6fed4e6ecf715d3002fdb5408df

  • SHA512

    a8737a87d586b33a1e3ac28aecb67cd7e467731990ab2f6c60280d0510cb65703d38e6076067d6fa4b0edd026f67af604addb8749903ac6bb6097e6778229e11

  • SSDEEP

    3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZ7udu0e7WpMaxeb0CYJ97lEYNR73e+eKZ7udr:RqKvb0CYJ973e+eKZ7udu/qKvb0CYJ9k

Score
9/10

Targets

    • Renames multiple (4434) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
