General
-
Target
396f35b1bdeb8dd81739eb7f2cc769d0_NeikiAnalytics.exe
-
Size
9.9MB
-
Sample
240525-3w7f5afa9x
-
MD5
396f35b1bdeb8dd81739eb7f2cc769d0
-
SHA1
d678bafbf8a85922cc9d38293c35a805844eeef3
-
SHA256
261ffc5a219a6a834eb57c4595b28912aa78f75eff32caa3d79d44c5ff400c60
-
SHA512
cf89004f3ff589589ecd00863c9a92dbb81375be3b1ef8e2231afe23c161b72a61c3a39de268486cfde0d1a1694a2fbac235075515df2b0e27dee12992e83bca
-
SSDEEP
196608:OhHFRIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:MGFG8S1+TtIi+Y9Z8D8CclydoPx
Behavioral task
behavioral1
Sample
396f35b1bdeb8dd81739eb7f2cc769d0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
396f35b1bdeb8dd81739eb7f2cc769d0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
C:\Encrypt\encrypt.html
Targets
Target
396f35b1bdeb8dd81739eb7f2cc769d0_NeikiAnalytics.exe
-
Score
10/10
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
-
Renames multiple (153) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-