Overview

overview

9

Static

static

7

71e95b4887...cs.exe

windows7-x64

9

71e95b4887...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 12:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    71e95b4887e48bf8e20c026240fcbb40_NeikiAnalytics.exe

  • Size

    72KB

  • MD5

    71e95b4887e48bf8e20c026240fcbb40

  • SHA1

    4cf733e07dce2d9be7a9ec15672aad6d86dfdd11

  • SHA256

    0b964c6fccc270dd805b4a8a9a4988c0d0c7ca458cb55e4b617134f76b4f126f

  • SHA512

    c20e1a8fbbff796fe9a5d03ebaa29efd4c220027ba8c1675d02ac3cce8b7b6a848cbeae0d3a0db6b998bbc95b6fb40051600acee93015fb209831058c3ffa813

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJP:+nyiQSop

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4863) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71e95b4887e48bf8e20c026240fcbb40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\71e95b4887e48bf8e20c026240fcbb40_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
    Filesize

    72KB

    MD5

    f485c27a8849c57f6ea539195459af9e

    SHA1

    7f26627cc17f64fcc8d4bb9e63a2c0883da96d75

    SHA256

    450f8fd42794347f90c868d034153f31db33cc1544dc651fed2c58852fc0c67b

    SHA512

    26a8b99c41566cd2d41704de1a1b3de9db11886ede0fdbd88bda6229213892bf91184e861bbf3f157583fa3cd991217a79a438e88a232949c3a81f7e96169306

    Download Submit
  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    171KB

    MD5

    2fc747bbac556f1eaf7989685b4869fa

    SHA1

    1c634b8ca84c47d82dc6e4a4e1ba7550327ba523

    SHA256

    03d5426966c693d00e1ea847ba633fd042dd68068549e37dfa31013a8139fbfe

    SHA512

    1e86ce008d766476f5af49cee947ac922a6658f22d57fc356cf0b179df2894f0162891a5a68a835415fa061b133cb2acb8d3c46e12e5592f3636eb89cfa4c256

    Download Submit
  • memory/1524-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1524-1782-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download