General
Target: 3dd828e13ed722d42d7cf3c9ceb70f80_NeikiAnalytics
Size: 564KB
Sample: 240515-1mlrysdh64
MD5: 3dd828e13ed722d42d7cf3c9ceb70f80
SHA1: 6fcf07099f334997e26960c567574a8ad4fd4a6f
SHA256: 1203a2d40de03cd90f4c213784840c9ee6aec45cb6e3051bfda20eab38b3726f
SHA512: 0bddbc86eb5889c6acfc77e24f24342b713588c8b3e960b03502fa158c59e7cc9f88186110216b77ea76527ca6a98e574d1230bec54d996f42e10ad1529808b7
SSDEEP: 12288:2t0ll2I37cBzoxZzVQ0DRlCsQfSmXuTEWbBBAsRdQBuA/:2eLcBmqfpX4EoPVRU/
Static task: static1
Behavioral task: behavioral1
  Sample: 3dd828e13ed722d42d7cf3c9ceb70f80_NeikiAnalytics.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 3dd828e13ed722d42d7cf3c9ceb70f80_NeikiAnalytics.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 3dd828e13ed722d42d7cf3c9ceb70f80_NeikiAnalytics
Size: 564KB
MD5: 3dd828e13ed722d42d7cf3c9ceb70f80
SHA1: 6fcf07099f334997e26960c567574a8ad4fd4a6f
SHA256: 1203a2d40de03cd90f4c213784840c9ee6aec45cb6e3051bfda20eab38b3726f
SHA512: 0bddbc86eb5889c6acfc77e24f24342b713588c8b3e960b03502fa158c59e7cc9f88186110216b77ea76527ca6a98e574d1230bec54d996f42e10ad1529808b7
SSDEEP: 12288:2t0ll2I37cBzoxZzVQ0DRlCsQfSmXuTEWbBBAsRdQBuA/:2eLcBmqfpX4EoPVRU/
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Renames multiple (84) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)