General
- Target: 1cfec1feba785f70ccc90f5a872b0780_NeikiAnalytics.exe
- Size: 194KB
- Sample: 240525-zfl9gahf6t
- MD5: 1cfec1feba785f70ccc90f5a872b0780
- SHA1: 8c488f34e26192456f06062f55a969026440f47b
- SHA256: e864c62e154dbbb62470b92371d21343d435d16785240cf0252f1aa8c15b86aa
- SHA512: c60be0456d515114f6d58df1fed8633b6b646ad9ab4f8b4e1fc6f0548c4293ebbe2a8642d6637afce0e03528edefe68521f2cd0e6e1cca5890fc05864274cccc
- SSDEEP: 3072:WQ5FAgbr425pXNqgNzG+L5Esr/8kZ52mZOcC6nSlc9wK:WoAgbrHRN7h5nrLIlCz
Static task
- static1

Behavioral task
- behavioral1
- Sample: 1cfec1feba785f70ccc90f5a872b0780_NeikiAnalytics.exe
- Resource: win7-20240221-en

Behavioral task
- behavioral2
- Sample: 1cfec1feba785f70ccc90f5a872b0780_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
Malware Config

Targets
- Target: 1cfec1feba785f70ccc90f5a872b0780_NeikiAnalytics.exe
- Size: 194KB
- MD5: 1cfec1feba785f70ccc90f5a872b0780
- SHA1: 8c488f34e26192456f06062f55a969026440f47b
- SHA256: e864c62e154dbbb62470b92371d21343d435d16785240cf0252f1aa8c15b86aa
- SHA512: c60be0456d515114f6d58df1fed8633b6b646ad9ab4f8b4e1fc6f0548c4293ebbe2a8642d6637afce0e03528edefe68521f2cd0e6e1cca5890fc05864274cccc
- SSDEEP: 3072:WQ5FAgbr425pXNqgNzG+L5Esr/8kZ52mZOcC6nSlc9wK:WoAgbrHRN7h5nrLIlCz
Score: 10/10

Signatures
- Modifies visibility of file extensions in Explorer
- Renames multiple (75) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)