General

  • Target

    701b395c85896dcc7a508a343f860470_NeikiAnalytics.exe

  • Size

    39KB

  • Sample

    240526-f121wahb77

  • MD5

    701b395c85896dcc7a508a343f860470

  • SHA1

    bb361219e782582ee13f23b60d5643c8af5b342c

  • SHA256

    234cd6db8a9e6a08b7deb041b168f3580cded83a59befea74bd4ad24dc863980

  • SHA512

    dc97234509ec4cb541984ae097b67b4e9e6bf4b3fbafa8b424a8bf3df50e6304d9f3800241ae4ba5008d990fab1fffeedc4f321db0fc18362b204091ae3839a1

  • SSDEEP

    768:LZ+Zxe90i19C92eocaWTmNtY6coZOuLPfBXMqD7/jNi:LaiZ19C92eocaWTKtNJZOuTfBXMqz0

Targets

    • Target

      701b395c85896dcc7a508a343f860470_NeikiAnalytics.exe

    • Modifies boot configuration data using bcdedit

      Runs bcdedit.exe to change the boot configuration store; commonly done to disable Windows recovery options or to allow unsigned or test-signed drivers to load.

    • Drops file in Drivers directory

      Writes a file into the system drivers directory (%SystemRoot%\System32\drivers), consistent with installing a kernel driver.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

      A file written to disk during the analysis is later started as a new process.

    • Loads dropped DLL

      A DLL written to disk during the analysis is later loaded into a process.

    • Adds Run key to start application

      Sets a value under a CurrentVersion\Run registry key so the program is started at logon (persistence).

    • Suspicious use of SetThreadContext

      Changes the execution context of a thread in another process, a step commonly seen in process hollowing and other code-injection techniques.
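The signatures above are behavioural rules evaluated over the sandbox's API trace. The script below is an added example (not the sandbox's own detection code) that implements one rule per listed signature and runs them over a constructed, simplified trace format; the event shapes, file paths and PIDs are assumptions made for the example and are not taken from the report.

```python
"""Re-implementation of the report's behavioural signatures as triage rules.

Added example, not sandbox code. The trace format (dicts keyed by "kind") and
every path/PID in SAMPLE_EVENTS are constructed for illustration.
"""
import ntpath

# Signature names exactly as the report lists them.
SIG_BCDEDIT = "Modifies boot configuration data using bcdedit"
SIG_DRIVERS = "Drops file in Drivers directory"
SIG_GEO = "Checks computer location settings"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_RUNKEY = "Adds Run key to start application"
SIG_SETCTX = "Suspicious use of SetThreadContext"


def _norm(path):
    """Normalise a Windows path so comparisons are case-insensitive."""
    return ntpath.normpath(path).lower()


def triage(events):
    """Walk a chronological trace and return (signature, evidence) pairs.

    Event kinds (assumed format): process_create(pid, image, cmdline),
    file_write(pid, path), image_load(pid, path), reg_query(pid, key, value),
    reg_set(pid, key, value, data), api(pid, name, target_pid).
    """
    hits, seen, dropped = [], set(), set()   # dropped = paths written so far

    def hit(sig, evidence):
        if (sig, evidence) not in seen:
            seen.add((sig, evidence))
            hits.append((sig, evidence))

    for ev in events:
        kind = ev["kind"]
        if kind == "file_write":
            p = _norm(ev["path"])
            dropped.add(p)                       # remember for exec/load rules
            if "\\system32\\drivers\\" in p:
                hit(SIG_DRIVERS, ev["path"])
        elif kind == "process_create":
            image = _norm(ev["image"])
            cmd = ev["cmdline"].lower()
            # Only modifying bcdedit invocations count, not e.g. "bcdedit /enum".
            if ntpath.basename(image) == "bcdedit.exe" and any(
                    sw in cmd for sw in ("/set", "/deletevalue", "/delete")):
                hit(SIG_BCDEDIT, ev["cmdline"])
            if image in dropped:
                hit(SIG_EXEC_DROPPED, ev["image"])
        elif kind == "image_load":
            p = _norm(ev["path"])
            if p in dropped and p.endswith(".dll"):
                hit(SIG_LOAD_DROPPED, ev["path"])
        elif kind == "reg_query":
            # Country code lives at HKCU\Control Panel\International\Geo\Nation.
            if ("\\control panel\\international\\geo" in ev["key"].lower()
                    and ev["value"].lower() == "nation"):
                hit(SIG_GEO, ev["key"] + "\\" + ev["value"])
        elif kind == "reg_set":
            k = ev["key"].lower()
            if k.endswith("\\currentversion\\run") or k.endswith("\\currentversion\\runonce"):
                hit(SIG_RUNKEY, f'{ev["key"]}\\{ev["value"]} = {ev["data"]}')
        elif kind == "api":
            # Setting a thread context in *another* process is the injection tell.
            if (ev["name"].lower() in ("setthreadcontext", "ntsetcontextthread")
                    and ev.get("target_pid") != ev["pid"]):
                hit(SIG_SETCTX, f'pid {ev["pid"]} -> pid {ev["target_pid"]}')
    return hits


def signature_names(events):
    """Distinct signature names in the order they first fired."""
    names = []
    for sig, _ in triage(events):
        if sig not in names:
            names.append(sig)
    return names


# Constructed trace: a sample that exhibits every behaviour in the report.
SAMPLE = r"C:\Users\victim\Desktop\sample.exe"
SAMPLE_EVENTS = [
    {"kind": "process_create", "pid": 1000, "image": SAMPLE, "cmdline": SAMPLE},
    {"kind": "reg_query", "pid": 1000, "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"kind": "file_write", "pid": 1000, "path": r"C:\Windows\System32\drivers\svchelper.sys"},
    {"kind": "file_write", "pid": 1000, "path": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"kind": "file_write", "pid": 1000, "path": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"kind": "process_create", "pid": 1004, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled no"},
    {"kind": "reg_set", "pid": 1000, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"kind": "process_create", "pid": 1008, "image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "cmdline": "updater.exe"},
    {"kind": "image_load", "pid": 1008, "path": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"kind": "process_create", "pid": 1012, "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe"},
    {"kind": "api", "pid": 1008, "name": "SetThreadContext", "target_pid": 1012},
    {"kind": "process_create", "pid": 1016, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS):
        print(f"{sig}: {evidence}")
```

Each rule keys on the same evidence the report names (the bcdedit command line, the drivers path, the Geo\Nation value, a Run value, a dropped path re-used, a cross-process SetThreadContext), so a trace from another sandbox can be mapped into the event shapes above and scored with the same rules.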
