Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-05-2024 19:33

General

  • Target

    2082083937c248c3b0246b25bc52e470_NeikiAnalytics.exe

  • Size

    103KB

  • MD5

    2082083937c248c3b0246b25bc52e470

  • SHA1

    dbff7fa147f347d924d45add3d396a99be9f75fb

  • SHA256

    5365858404497bdd6120a58722a7133d9592fd019e00c779da2fee2dae468b57

  • SHA512

    ac8a47e2294831b54055ce7872e47faf5a21c28135ebfaee0b3e61340699a975a484870509767dadc04b302642064cb078e17441dd31b2dbea8d6aafc66213ae

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfo:hfAIuZAIuYSMjoqtMHfhfo

Score
9/10

Malware Config

Signatures

  • Renames multiple (3450) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2082083937c248c3b0246b25bc52e470_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2082083937c248c3b0246b25bc52e470_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2100

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

    Filesize

    103KB

    MD5

    1d4e0d157a963d6b94437010014f36a2

    SHA1

    08bad711a66b8424f745f2e3a3e3907572eca1b2

    SHA256

    53d947f0cf8693a8eb1f7cf9dc5180208d22ec7389b638a3c29f35785fb0cdce

    SHA512

    767c2c29b95056e3ab73791c5c5e8bfd3cfb67bc2358dee036dbc43ace72663c4a08f3be63299661c5ff76ad37caf4f0e10ebb5d79c08f06f2e09cdf9f06c9f7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    112KB

    MD5

    2414e80bdc1564e1c4ba19af6cfaf4f5

    SHA1

    e4de69ccae92be76a1fd02e6982aebdcb0381d03

    SHA256

    b0c6e11cf66cb05048686df2bd02ae36aa3b2ac243b70c9ddc586b1bfb539632

    SHA512

    261fd4346122704f558be3a2ebb07992b322439ddd061b3deca1875ec8f33a09a189e1fcd04159811ef481f703a0870f9a9197c457b837d97899556d97b52075

  • memory/2100-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2100-74-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB