Analysis

  • max time kernel
    158s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-05-2024 12:41

General

  • Target

    ecc3ce06585b56098f7e0bd371023ec0_NeikiAnalytics.exe

  • Size

    104KB

  • MD5

    ecc3ce06585b56098f7e0bd371023ec0

  • SHA1

    79a9ec2775a8ccbf7d9372ee9caf412c604a83f5

  • SHA256

    f3a39bacc355138a91141a063f9cb32e7e57cff027147a70a7ad0d50802e9339

  • SHA512

    5aa02af1264a10814123ba78a0cda31c48fc0287ce7e01b844d61f90bc7e286d06db25683a756cb2f6b2615f06407eac8153ef2acae1a6b3033266cf517791cd

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfRbD:hfAIuZAIuYSMjoqtMHfhfh

Score
9/10

Malware Config

Signatures

  • Renames multiple (872) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecc3ce06585b56098f7e0bd371023ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ecc3ce06585b56098f7e0bd371023ec0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1196
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2232 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:1528

Network

MITRE ATT&CK Matrix

Downloads

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

      Filesize

      105KB

      MD5

      15e40bd72639ad84e4c892efc75b37f2

      SHA1

      91b1e0e0f2cdd1d7b894b51bd50cdc4bed8e693d

      SHA256

      bf9142ecd54079a2dff42baf7392e6686003bfd50c02ba018835ee1ace37cb86

      SHA512

      42984a0f86075df8a6954c80734d0ce6a0c00a9f6ccdfe7a99af6bcdf282c75169244c836f5535177b1de88e435d04cf9097a676b1afe8420307d2d34667cc62

    • C:\libsmartscreen.dll.tmp

      Filesize

      104KB

      MD5

      5b6351b944e76c8bc510e5fb312dc832

      SHA1

      5858127fa80290bcd664872554f34eaa27c47deb

      SHA256

      91a56c92957968b2353b17e5f6fe7bb3addfa5621e1334710435b77104596f36

      SHA512

      fb04894b7c9724fd5e766e3e6d731e7e31ef44e9b5affde5a50942a6c4669722fb64eb2a62300a139ee5b857fb22a05a73387d76dae2f04298b26c0b6215e554

    • memory/1196-0-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

    • memory/1196-42-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB