Overview

overview

9

Static

static

3

513d71eda7...cs.exe

windows7-x64

9

513d71eda7...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    513d71eda71ea002c59d10e98bb018e0_NeikiAnalytics.exe

  • Size

    84KB

  • MD5

    513d71eda71ea002c59d10e98bb018e0

  • SHA1

    52070e4fba10afab112b3983154deb9695b2e6a6

  • SHA256

    46ec0ae9927885d0a4d9af8358aa8e62f6400a672229957df6ec1f32a592e32a

  • SHA512

    0b1a5c0f4c5ae7aba3931ce09db51c7c3025028da3acc151a60d8ebcec5848490457dbf98aad089ca693cf05d5f0fc20c26601c616c5b301eca77401f7bc2814

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhK:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsD

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (5197) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\513d71eda71ea002c59d10e98bb018e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\513d71eda71ea002c59d10e98bb018e0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
    Filesize

    84KB

    MD5

    9e1532273bed308f08ffd5d2bf2d934a

    SHA1

    6d3d1853724e606240eb7f9ddb0aa506e363ff99

    SHA256

    54471596337e3277e81b76f7e6fe926a708d5b360bd36a02b59ea4cbf21ae0bd

    SHA512

    a6bb12299e796d4232388ccb569e814f738e9cf31c4a3c26aa628611be9339577da5a1e9e98a63932465b9a41c8fb9faf7244a75f76052826f03f4e385e09f8c

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    183KB

    MD5

    12d90148c048b42b870779f9baaa4e8a

    SHA1

    fe25151b4ef7b9b13104100f8d70ed89ea08e12c

    SHA256

    7cb9834614b1ea2b4ebf356aa1de0c5c735855575acdaee14c19d3985e56e78b

    SHA512

    6ff2fc58f568f4931d2cd0ec8b8f78fcfa6ed9dccba3d6b4625159a9be8faa696a072ba33eaf3c80564e56b19735bf4b15c70dd96115b32a1c9bcf6cce42766a

    Download Submit