Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/05/2024, 11:40

General

  • Target

    36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe

  • Size

    91KB

  • MD5

    36ca227404895d1a836f0fd5d7ce94d0

  • SHA1

    957f90be00404758b3afb88097f8c804fa8a65e5

  • SHA256

    3648fd0393d552e11a9d493c5dba80a21b664fbcfdc35f47589d41e8f13b88fb

  • SHA512

    b9cd3fb5ad64585df0600aace994af028caa44f069d3f32ed75f41b0eaa908a37cccc170b2d1457761e406fb22da2a0a1b315a2028cbace22c3e84455555b6d0

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN0U6PG0PGo:6rWpcOPxPke+e3fFpsJOfFpsJbgEmPx/

Score
9/10

Malware Config

Signatures

  • Renames multiple (4837) files with added filename extension

    This is the pattern of ransomware encrypting files across the system: each original is rewritten under its own name plus an appended extension. The count reflects only the 150-second sandbox run.

  • Drops file in Program Files directory (64 IoCs)
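
The two signatures above reduce to simple checks over the dropped-file list, and re-implementing them makes their thresholds and false positives explicit. The Python below is an added triage helper, not code from the sandbox or this report. Its first two records are the files listed under Downloads further down; the remaining records, their paths and hashes are constructed for the example, and the rename threshold is a parameter because the report's 4837 hits came from a full run. The same-size check is an extra heuristic of my own: a 91KB desktop.ini.tmp is far larger than any normal desktop.ini and matches the sample's size, which earns it a manual diff, nothing more.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hash and size of the submitted sample, taken from the report.
SAMPLE_MD5 = "36ca227404895d1a836f0fd5d7ce94d0"
SAMPLE_SIZE_KB = 91


@dataclass(frozen=True)
class DroppedFile:
    path: str
    size_kb: int
    md5: str


# First two records: the dropped files the report lists under Downloads.
# Everything after the marker is constructed for this example (hypothetical
# paths, placeholder hashes) so the counting logic has more than two inputs.
DROPPED = [
    DroppedFile(r"C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp",
                91, "d18b4d458adc8416d8599fcf1dc3724a"),
    DroppedFile(r"C:\Program Files\7-Zip\7-zip.dll.tmp",
                190, "d4d8b1d764a78892a8a54ea87c44421b"),
    # --- constructed records from here on ---
    DroppedFile(r"C:\Program Files\7-Zip\7z.exe.tmp", 550, "00000000000000000000000000000001"),
    DroppedFile(r"C:\Program Files\7-Zip\History.txt.tmp", 60, "00000000000000000000000000000002"),
    DroppedFile(r"C:\Users\Admin\Documents\notes.txt.tmp", 12, "00000000000000000000000000000003"),
    DroppedFile(r"C:\Users\Admin\Downloads\backup.tar.gz", 2048, "00000000000000000000000000000004"),
    DroppedFile(r"C:\Users\Admin\AppData\Local\Temp\run.log", 3, "00000000000000000000000000000005"),
]


def added_extension(path: str) -> Optional[str]:
    """Return the appended extension when a name looks like <orig>.<ext>.<added>.

    desktop.ini.tmp -> 'tmp'; 7-zip.dll.tmp -> 'tmp'; run.log -> None.
    Caveat: legitimate double extensions (backup.tar.gz) match as well, which is
    why the signature counts hits per extension instead of flagging single files.
    """
    name = path.rsplit("\\", 1)[-1]
    parts = name.split(".")
    if len(parts) >= 3 and all(parts[-2:]):
        return parts[-1].lower()
    return None


def added_extension_counts(files: List[DroppedFile]) -> Dict[str, int]:
    """Number of dropped files per appended extension, most common first."""
    return dict(Counter(e for f in files if (e := added_extension(f.path))).most_common())


def mass_rename_extensions(files: List[DroppedFile], min_count: int) -> Dict[str, int]:
    """'Renames multiple files with added filename extension': extensions appended
    to at least min_count files. Tune min_count to the run length; the report saw 4837."""
    return {e: n for e, n in added_extension_counts(files).items() if n >= min_count}


def program_files_drops(files: List[DroppedFile]) -> List[str]:
    """'Drops file in Program Files directory': writes under either Program Files root."""
    roots = ("c:\\program files\\", "c:\\program files (x86)\\")
    return [f.path for f in files if f.path.lower().startswith(roots)]


def self_copies(files: List[DroppedFile], sample_md5: str = SAMPLE_MD5) -> List[str]:
    """Dropped files byte-identical to the sample, i.e. the payload copying itself."""
    return [f.path for f in files if f.md5.lower() == sample_md5]


def same_size_as_sample(files: List[DroppedFile], sample_size_kb: int = SAMPLE_SIZE_KB) -> List[str]:
    """Dropped files the same size as the sample but with a different hash.
    A heuristic for manual follow-up (diff against the sample), not evidence by itself."""
    return [f.path for f in files
            if f.size_kb == sample_size_kb and f.md5.lower() != SAMPLE_MD5]


def triage(files: List[DroppedFile], min_count: int = 3) -> Dict[str, object]:
    """Run every check and collect the results under the signature names."""
    return {
        "mass_rename": mass_rename_extensions(files, min_count),
        "program_files_drops": program_files_drops(files),
        "self_copies": self_copies(files),
        "same_size_as_sample": same_size_as_sample(files),
    }


if __name__ == "__main__":
    for key, value in triage(DROPPED).items():
        print(f"{key}: {value}")
```

On the real dropped-file list the threshold matters more than the parser: set `min_count` well above the number of legitimate double-extension files an installer writes, or the `.gz`/`.bak` style names of a backup job will trip the check.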

Processes

  • C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe
    Command line
    "C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe"
    PID
    2816
    Signatures
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
    Filesize
    91KB
    MD5
    d18b4d458adc8416d8599fcf1dc3724a
    SHA1
    9506a7d53d8862cbf9798b1d2ad269137631c127
    SHA256
    a8f5222fb68ca73e93350ce5488c0f83f406b8954191ac08789fcdac7971d818
    SHA512
    1e6dce7bd86653ea94148c3397aa7c92480f9ee8406dbe3163eefc51529d5c5ae16329e58ca285e97a4812bbde7c8af0d36898b6ee16b48b9c2096ed2326641b

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    190KB
    MD5
    d4d8b1d764a78892a8a54ea87c44421b
    SHA1
    5fe7c76fcfed35c2d768e87e4673ee0cb97f1e1f
    SHA256
    5711d7927ef32c2f1fbf22d0b25db8026d5a50f5738277bc6ab2d54dc1443c9b
    SHA512
    2bf8072cbd8bbd5e8c2ac168d82c4ee85bc42476237939ff6007519e2b50e9725e64a35239e0f6ec775813cddc3512fa3819bd563dc3b2064022496b53ed563a