Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 20:26

General

  • Target

    e5e5e7125c0ed4071386a5eeb81e0e30_NeikiAnalytics.exe

  • Size

    402KB

  • MD5

    e5e5e7125c0ed4071386a5eeb81e0e30

  • SHA1

    58280c768ef121f532375e96f90c12d478f28777

  • SHA256

    823a08d92b83a3e4d10f3c777c0072d5e239aecb7561af8d226316e176fe75c5

  • SHA512

    f756622070aa39eaf20c4152a26466907fbf94202ee027847e0d94d4f982d474f547cb6c282ceef74dab75a1e86aa93c4f70b568787c6aaaad897807135151b4

  • SSDEEP

    6144:RqKvb0CYJ973e+eKZ65lqo52kDzMYDJSi7+Ni2ER9Vh98+1PrEVhkQf0huIDaLOD:vvbxYX7Z6MqzBDJkk2ERvT8MPAf/O60

Score
9/10

Malware Config

Signatures

  • Renames multiple (4860) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Executes dropped EXE (2 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5e5e7125c0ed4071386a5eeb81e0e30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e5e5e7125c0ed4071386a5eeb81e0e30_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1288
    • C:\Users\Admin\AppData\Local\Temp\_7z.exe
      "_7z.exe"
      2⤵
      • Executes dropped EXE
      PID:2064

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe
    Filesize

    78KB

    MD5

    a1562e56dd97db41b2163aed33de290f

    SHA1

    9839ca3cf384bd8a0b34bdc74cfbdf73e1ce4b5b

    SHA256

    7db24acd775cad14bfdc5fab44de56a6d2f31c6615dbabe3f45f435599fd6f31

    SHA512

    5e0320ff13274c58db58a44beffa6e31bb6c056a80f38a25353e029dda2b800d98ba3547ccbffa9c418cd6168d6d687e12957958c01b1681bc47886a0477b1bf

  • C:\Users\Admin\AppData\Local\Temp\_7z.exe
    Filesize

    324KB

    MD5

    7187ae605f4dce14bb23ea2623956335

    SHA1

    f7c1df33b875c98f41dcde24117d89d42d25b7ce

    SHA256

    9e2631c19b243c28b0980607ced2540e9447b1166572483475547c1a9dd4ac0e

    SHA512

    f64522e2fb6bb61884fe53c34e79b355efb9ec33c02b2cd67d729af7d763e7b3873a5c7ce6ac7bb4567e6bcf8c70cadbc66f511e8bb151ab05096a832032bc8f

  • C:\Windows\SysWOW64\Zombie.exe
    Filesize

    78KB

    MD5

    5f6f29e29bc5f285d2d6c30cca909155

    SHA1

    c5d91a27fb4784755a1edb41fbc6e1a8fdc8c10d

    SHA256

    32552483635bc7cadb682a84e921283c845bb1e7accde9ec40477319dacc9601

    SHA512

    6016d8292353f5e98d499ba3bfc5d9815eeae8e4c24c88f4e80c775aa0b83d0109c75d8e7220e15d9ad6566897176a8e3969e9502fa921acba56131a005b7a50