General
-
Target
703bd89e6d83e50f5514c3b4a7ee86d0_NeikiAnalytics.exe
-
Size
316KB
-
Sample
240526-f2mycagd5w
-
MD5
703bd89e6d83e50f5514c3b4a7ee86d0
-
SHA1
fe94982b8bfa785686d9a89b310a0954fc9cc389
-
SHA256
a7c01a6b15c19f06c499f1b7455caa02aed1735a15f9f7cddc4874cf598734cf
-
SHA512
1c767b34838f6dccb5f4b99bfa6a4d3f13d1646aa1744368819cf3381ec8f0a9319e90768fe300e87f59b6349777cdb961c69cdac25d8fe3308758928962bfcb
-
SSDEEP
6144:fL/aCDDzDsaBX7osi2xpeVOuLy8IfzTL+B2Eg1WIylk5U6s6:f7vksi2xW28g3LYuNyl0Bs
Static task
static1
Behavioral task
behavioral1
Sample
703bd89e6d83e50f5514c3b4a7ee86d0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
703bd89e6d83e50f5514c3b4a7ee86d0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
703bd89e6d83e50f5514c3b4a7ee86d0_NeikiAnalytics.exe
-
Score
10/10
-
Modifies visibility of file extensions in Explorer
-
Renames multiple (55) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1