Overview

overview

9

Static

static

3

e691aef253...cs.exe

windows7-x64

9

e691aef253...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 17:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e691aef25308f0bcd4ace49c2a920c30_NeikiAnalytics.exe

  • Size

    225KB

  • MD5

    e691aef25308f0bcd4ace49c2a920c30

  • SHA1

    1c06f6556b36b9dbefb787c601d27fa2730a7e3f

  • SHA256

    24aecb71d9d0fcc029264fd5638011b90325a1db9214e616552cdb713bf83aa1

  • SHA512

    36bf77710a098bf6a8c414f7df7d32e7808aa2cdf33b8668084b6150dbe78a13a3ced806bdc8c963c904cf5118e55f50c6ffa92ea0cea7b636e22fa03f79c8ff

  • SSDEEP

    6144:RqKvb0CYJ973e+eKZ0V5O9xpKbShcHUan:vvbxYX7Z0VbvUan

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (5014) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e691aef25308f0bcd4ace49c2a920c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e691aef25308f0bcd4ace49c2a920c30_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Users\Admin\AppData\Local\Temp\_cuninst.exe
      "_cuninst.exe"
      2⤵
      • Executes dropped EXE
      PID:4128
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe
    Filesize

    82KB

    MD5

    dab6a9b645c78346a999c529df40e81b

    SHA1

    17d3db109e99d29c06da5ddb19ce80a13bac6eee

    SHA256

    e478efb7891d04e78f36b356dfbd62e94c9fbb1f61b12af91936b54344bbac8e

    SHA512

    f80295c2b28ad85b45eb46377c19f4c5c84a6f3d82df1ed7d12f088cd7d0b0c375491c94e901f0a128413908f9023008178c9e2b7e841fec5528c9a03ac50116

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_cuninst.exe
    Filesize

    143KB

    MD5

    7f9f981d970cbccece6ff126ab309045

    SHA1

    950a14dc6b636237c2f158cce02076b1a1b371e0

    SHA256

    82596d7d86d685087965457c297973c2aa1fbff0f6a0a3b8d8760f1cc65105cf

    SHA512

    ac59a2c6bc3b6fad47bac83d84336387b03b45d186c5d021f3c57c7fb160491e8344923d4978e50fb37f6c37e45bbb9c0f9b7cd4b93506ff571c82b795c6fb47

    Download Submit

  • C:\Windows\SysWOW64\Zombie.exe
    Filesize

    82KB

    MD5

    91c73dd48b5f3b73d3eda72ab4b78596

    SHA1

    2d062b73c13f58ec63faf2c7445c38cb61f242e0

    SHA256

    83cf0fb8eea30f2d5d422559b76bf677ee6b8c19b60f8125f9c46d8d0525434f

    SHA512

    13d139acc4d12ed1ad1bd8033222556454363fb824d4302775c3ccae5e2388c73cf11f04c69cfc2bf66b80d3b92fcd8a98a365f002e16db210b579272e9454e4

    Download Submit

  • memory/4128-20-0x00007FFF7CB13000-0x00007FFF7CB15000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4128-19-0x0000000000F50000-0x0000000000F78000-memory.dmp

    Filesize

    160KB

    Download