General
Target: 03373d86fcc0d144ae77a9403ed17eb0_NeikiAnalytics.exe
Size: 264KB
Sample: 240524-vbprkscd7s
MD5: 03373d86fcc0d144ae77a9403ed17eb0
SHA1: d27215b607ba6b270a8f19417a5b7b99ecec68dc
SHA256: 97c02a6fe5002ef05be17a73f241b5eb0c18742c1abfac597fa723a1248e6d69
SHA512: fc493aa20e4d94ff77747b3ade4163955a5794a237b6e723f0128ea1c676b4b2182ae4c14c9157716b01bc81bd3b92c6d227bda538ad69a093d173ae38684d73
SSDEEP: 6144:xAqOAB2Agu2edx/Yo/9wSYdOQXnl7BHGhIoHaS3rmZpXk:xACBZBYo/9IdOQXvlTk
Static task: static1

Behavioral task: behavioral1
Sample: 03373d86fcc0d144ae77a9403ed17eb0_NeikiAnalytics.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 03373d86fcc0d144ae77a9403ed17eb0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 03373d86fcc0d144ae77a9403ed17eb0_NeikiAnalytics.exe
Score: 10/10

Modifies visibility of file extensions in Explorer

Renames multiple (59) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)