Analysis

  • max time kernel: 157s
  • max time network: 166s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 14-05-2024 02:34

General

  • Target: 5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
  • Size: 129KB
  • MD5: 5aa09d625a9a578d2cbf133637a8e7a0
  • SHA1: 2445e71855ca3cb86156e15adc5e3fff40398765
  • SHA256: ffa4fe0fd33d0ddb12fe44b05297dc2ad09bed0cb48d4e6eee73eb999454273d
  • SHA512: 1905d71b0f313e34be0e487d97540026eba063e52600be9219e4631e0f92a25296e253d693a52cb6f634a35a221db809220f35178842d7b1a5a9cbee566b73cc
  • SSDEEP: 768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBO4:/7ZQpApUsKiXBvzwvzXJvlwJvli

Score
9/10

Signatures

  • Renames multiple (858) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4764
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3944 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
    PID:1476

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
    Filesize: 129KB
    MD5: f5b6990900054ba774b94236212d83c9
    SHA1: 6e2bb44c640dda8bbce6e754724310f6f71c74c2
    SHA256: 36043f29657276c6ba0f8a5e841fbfbba7dd7a2dc325ad47828d59e8a37ddf58
    SHA512: 3f7d277a0692a04f85ccf3ed3e73c772102c7b81b201d3423ddd472236e6f099f299d4ec7bc23a33e19280b658aca102b9fd62bf78276d60a16b6a1bf2cd3805
  • C:\libsmartscreen.dll.tmp
    Filesize: 129KB
    MD5: 15374b9d0f6f47903eba6a6d3998552f
    SHA1: 1383af54474d64a2bb0e01fda2fefa5137c17a01
    SHA256: 90e48c2d7f5e0833196526bf9d6e89da19641659e784b0c0cff185415795f0d1
    SHA512: 0bdd0f80917bf6c19c7be70977e9d9a1133f73ac3c098905e465b2fa1306b8c345ff001a62a1d56a403d87c30ddcfd3f3370d9931728d52c96452b15b10632e1
  • memory/4764-0-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB
  • memory/4764-226-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB