Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 09:55

General

  • Target

    f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe

  • Size

    56KB

  • MD5

    f4ee81ad2e8812a13f0cefeeeef145c0

  • SHA1

    396e104e5749afcade3f421e5156bc388ce1a5fa

  • SHA256

    170aaf69a8ee722414f987c9ee8903c416d6d41dbf21ae1dc9ab3e95ebdfd10d

  • SHA512

    67c5b8009f4c43cd4bcfd0ea2dd597671e3b2f961eee70c00f60ed95973a6ffda5c432903d7283787d76e97cb086a3fc85687171d431482fbfcb74ae7d812dfd

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFF2:CTWn1++PJHJXA/OsIZfzc3/Q8yiXZw

Score
9/10

Malware Config

Signatures

  • Renames multiple (4067) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1716

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

    Filesize
    57KB

    MD5
    d39a380645a705a04dfc5a8a2e2bd269

    SHA1
    7e27b64beca35d7d8f430c71da71dc0946daee3e

    SHA256
    a57a46bbafd18b8a6a4472374adc5461bc6b671d5ae1de54420de01258e6a196

    SHA512
    e4b1bf796c59d7a990ae0bb6692495b25fd7d4ac5fe0dde349e142fb6036cbd11be5438757204794b5a6833f9a2c8f80a3b7a30378979893365e382183eea0b0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    65KB

    MD5
    08d1b0668e910451a939291788a313d9

    SHA1
    7c76fc2749f3c21c6cf50c2fd96fdb2f0f6f463e

    SHA256
    c1f2bab50721db27c2f6244699b8f2c6417ca05064ccb3e7bb6499876384bf8d

    SHA512
    ad00d877b43ba1b2c66af77e9ffd9922386188c3b964990e40e981490da197f1718fc384b3eabdc0acb21599ada17f7cfccfc82b7039afeaa5eaa9b02c409474

  • memory/1716-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize
    40KB

  • memory/1716-86-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize
    40KB