Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/05/2024, 20:33

General

  • Target

    20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe

  • Size

    98KB

  • MD5

    20d5a4b5653b705abb9e0db6d0f7b7e0

  • SHA1

    b71509ae66cb5b489d5f215f18eb168396b36780

  • SHA256

    1e5cc9a4f302b4b00f46340b9f42c8e62790939b4b7cfe90387e4a0136fa754c

  • SHA512

    453a776b7252b58fa20fd4f4e178b66fb67ad7bb4aba1c6f5629c3137947fc4f8073fe3097490a6d467532298a0c3eb52d894031801f1abcc628968a4da4fa82

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJix:KQSo1EZGtKgZGtK/PgtU1wAIuZAIu6

Score
9/10

Malware Config

Signatures

  • Renames multiple (1330) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1900
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3404

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

      Filesize

      98KB

      MD5

      0019f82d5859ff389d4ab36cdd4f9547

      SHA1

      20419cd58b5636f91860477340aded94eda7b55d

      SHA256

      397dbe84029ec26644a9313c418b5cbfaed8e3458408b0541c9c910f0f5faf01

      SHA512

      afb774b0d4c1cf8a8b897872f51766d8999591109d5bf72fc5c38ccda9430c18883b2185e245b57d50c6a520c95242329c057f5a7d07265c017da0c99bd4b0c9

    • C:\libsmartscreen.dll.tmp

      Filesize

      98KB

      MD5

      122523035c349643e6216771d24548a9

      SHA1

      3193087c7aa4fe5849506667a1c4af59dcf95c8e

      SHA256

      8d5ec624d4a4d05dca99bf32f070f5215830907cf84df478b135175d95c18f33

      SHA512

      1aa038f4b2486326f8b3a3c3aa34f1614355f996cf550af60b4d5e6db9cec8ef1d3cd7af4112bdb0655c95f6aee97fa20c7ebd7d3c18b8692d02dd4ac44595fb

    • memory/1900-0-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

    • memory/1900-102-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB