General
-
Target
4dc57d384dfb9b282c0f14dceaadaf00_NeikiAnalytics.exe
-
Size
204KB
-
Sample
240525-d8kepadd53
-
MD5
4dc57d384dfb9b282c0f14dceaadaf00
-
SHA1
e8b5f4c910844cbe6aac681718be339e5de45837
-
SHA256
ba4b6087e008000e825f8b9f1f7337cfd7ee0e49b513d918da71412fb6d536bd
-
SHA512
a970fee38e7117da3200c22acda173f1b1de6dfc3b313cb957ca25469002b05a0b6a24c8a54fa3666daae75956c6176c0affe9343940182ab95fc17cd08ca1ab
-
SSDEEP
3072:+45yU08b7VR+jgHL3F6rEQuxir0X2q1jY4b8upWJbuOWY3sdoma5DbUolDjr:d5yc2sWO1jiWYxDbUQ
Static task
static1
Behavioral task
behavioral1
Sample
4dc57d384dfb9b282c0f14dceaadaf00_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
4dc57d384dfb9b282c0f14dceaadaf00_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
4dc57d384dfb9b282c0f14dceaadaf00_NeikiAnalytics.exe
-
Size
204KB
-
MD5
4dc57d384dfb9b282c0f14dceaadaf00
-
SHA1
e8b5f4c910844cbe6aac681718be339e5de45837
-
SHA256
ba4b6087e008000e825f8b9f1f7337cfd7ee0e49b513d918da71412fb6d536bd
-
SHA512
a970fee38e7117da3200c22acda173f1b1de6dfc3b313cb957ca25469002b05a0b6a24c8a54fa3666daae75956c6176c0affe9343940182ab95fc17cd08ca1ab
-
SSDEEP
3072:+45yU08b7VR+jgHL3F6rEQuxir0X2q1jY4b8upWJbuOWY3sdoma5DbUolDjr:d5yc2sWO1jiWYxDbUQ
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (55) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1