General
-
Target
3c82e02e0e6fbfe5e43567f7beab36c0_NeikiAnalytics.exe
-
Size
193KB
-
Sample
240526-ahppyagc83
-
MD5
3c82e02e0e6fbfe5e43567f7beab36c0
-
SHA1
965c4bb782941d95276b73186dd6fd6300a67fd7
-
SHA256
1634bf8ff10e04966861cef51062a21ef03ed5e73f836076295c0f02362e49a9
-
SHA512
3d43106316516e6b1f90f92f089e968abbf03a1830b10b38476ea01c823140fc98ce3a825f61de20c37be2fd551328ca983edd911931bc04124cd27274d43a4c
-
SSDEEP
3072:65Xf+PP6zDFD0kFtEDFwhP4EO2jq1cEMASFUOUmK79YqOPJx8:uP+I3/8w3rOeEKFUOUmK7G7f
Static task
static1
Behavioral task
behavioral1
Sample
3c82e02e0e6fbfe5e43567f7beab36c0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
3c82e02e0e6fbfe5e43567f7beab36c0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
3c82e02e0e6fbfe5e43567f7beab36c0_NeikiAnalytics.exe
-
Score
10/10
-
Modifies visibility of file extensions in Explorer
-
Renames multiple (57) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1