General

  • Target

    a8238560a26002ca69435c74e9625ff0_NeikiAnalytics.exe

  • Size

    80KB

  • Sample

    240524-e6khcadd65

  • MD5

    a8238560a26002ca69435c74e9625ff0

  • SHA1

    20feba6805079870490e84aa9cedf196eb825441

  • SHA256

    c76ac0f265edb1a6e0c86e7458c04adc6dadbd18edcebcc5be807fe39d0385e6

  • SHA512

    a449e20eb8ac51068630c2981e055a36ceefbc981904003dbb2fa3092775a259abab3d6bb8d0180b48e746eefb53c25d6ad63dc139c752670cef0df5f022cb8f

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8wr0ARZF6NFVogjQlRv/Lq:KQSoMwUhQ7Xu

Score
9/10

Targets

    • Renames multiple (3718) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
