Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 11:40

General

  • Target

    029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe

  • Size

    43KB

  • MD5

    029fdee291172faae67ad45d4541a520

  • SHA1

    99bbdcc98e8c9497c457ffc36a24068040cbaad5

  • SHA256

    01204386d084e6820be2f305f779634704dac91e51be36b843dbd44c6de5af97

  • SHA512

    da5181e7442d78992ab1d44f8abda8eb6e5aa9f8c6aa251b558b56f11ec65d439db60a9cc21769612321a708fa1b15d74f1a37978be19055bec41c706e0c7ab8

  • SSDEEP

    768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0h:W7ZNLpApCZrt8PWGoPWGBJ0CJ0h

Score
9/10

Malware Config

Signatures

  • Renames multiple (3489) files with added filename extension

    This pattern suggests ransomware activity: files across the system being encrypted and renamed with an appended extension.

  • Drops file in Program Files directory (64 IoCs)
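The two signatures above (mass renames with an appended extension, and new files dropped under Program Files) can be expressed as a simple heuristic over per-process file events. The Python below is an added example, not Triage's detection logic and not code from the sample: it runs over a constructed event stream (PID 1712 and the `.tmp` suffix are borrowed from the report's process tree and dropped-file names; the event format, thresholds, window and benign noise are assumptions) and flags a process that appends the same extension to many files inside a short window.

```python
"""Added example: heuristic for the 'renames multiple files with added extension'
and 'drops file in Program Files' signatures, run over a constructed event
stream rather than real sandbox telemetry."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional
import ntpath


@dataclass(frozen=True)
class FileEvent:
    ts: float           # seconds since the run started (assumed clock)
    pid: int
    op: str             # "create" or "rename" (assumed event vocabulary)
    path: str           # for "rename": the original name
    new_path: str = ""  # for "rename": the destination name


def appended_extension(old: str, new: str) -> Optional[str]:
    """Return the extra extension when `new` is `old` plus exactly one
    appended component in the same directory (a.docx -> a.docx.tmp), else None."""
    if ntpath.dirname(old).lower() != ntpath.dirname(new).lower():
        return None  # a move across directories, not an in-place rename
    old_name, new_name = ntpath.basename(old), ntpath.basename(new)
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    added = new_name[len(old_name):]
    if added.count(".") != 1 or len(added) < 2:
        return None  # ".a.b" (two components) or a bare trailing dot
    return added


def detect_mass_rename(events: List[FileEvent], threshold: int = 20,
                       window: float = 60.0) -> List[dict]:
    """Alert when one pid appends the same extension to >= `threshold`
    files within any `window`-second span."""
    per_key: Dict[tuple, List[float]] = defaultdict(list)
    for e in events:
        if e.op != "rename":
            continue
        ext = appended_extension(e.path, e.new_path)
        if ext:
            per_key[(e.pid, ext.lower())].append(e.ts)

    alerts = []
    for (pid, ext), times in per_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"pid": pid, "extension": ext, "count": len(times)})
                break
    return alerts


def count_program_files_drops(events: List[FileEvent]) -> Dict[int, int]:
    """Count new files each pid creates under Program Files / Program Files (x86)."""
    counts: Dict[int, int] = defaultdict(int)
    for e in events:
        if e.op == "create" and e.path.lower().startswith(r"c:\program files"):
            counts[e.pid] += 1
    return dict(counts)


def build_sample_events() -> List[FileEvent]:
    """Constructed event stream for the demo (not telemetry from the report's run)."""
    events = []
    # pid 1712 appends ".tmp" to 25 user documents, one per second
    for i in range(25):
        src = rf"C:\Users\Admin\Documents\report{i}.docx"
        events.append(FileEvent(float(i), 1712, "rename", src, src + ".tmp"))
    # the same pid writes three new files under Program Files
    for i in range(3):
        events.append(FileEvent(30.0 + i, 1712, "create",
                                rf"C:\Program Files\Vendor\lib{i}.dll.tmp"))
    # benign noise: a log rotation and a cross-directory move by another pid
    events.append(FileEvent(5.0, 400, "rename", r"C:\Temp\setup.log",
                            r"C:\Temp\setup.log.bak"))
    events.append(FileEvent(6.0, 400, "rename", r"C:\Temp\a.txt",
                            r"C:\Temp\old\a.txt.bak"))
    return events


if __name__ == "__main__":
    sample = build_sample_events()
    for alert in detect_mass_rename(sample):
        print(f"mass rename: pid={alert['pid']} ext={alert['extension']} files={alert['count']}")
    print("Program Files drops:", count_program_files_drops(sample))
```

The threshold and window are tuning knobs: the report's count (3489) is far above the default of 20, while a log rotation or an installer renaming a handful of files stays below it. A real deployment would feed events from file-system auditing rather than a constructed list, and the same-directory check keeps ordinary moves from inflating the count.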

Processes

  • C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe"
    1
    • Drops file in Program Files directory
    PID:1712

Network

MITRE ATT&CK Matrix

Downloads

        • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

          Filesize

          43KB

          MD5

          f34aa2332bce82ad3f73e10886d63988

          SHA1

          dd2a6bf05e8a47a023063083a00f8cacecd9c5a5

          SHA256

          691245fd07745cac970a07a33c3270127bea765db31cdb764f1976e8d8eb630d

          SHA512

          0afd3a5a7b7a113478105f1dcf61dcf4aafc5d4b51ecbd26046f68679505aa38804625d580fadf98a4b54fc6dcc3c2bb19d3d8beba387e571f13153b665ae8fb

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          52KB

          MD5

          4cb2380ddbffd11e6891e022e43d2fe0

          SHA1

          c9286702acf0edef76c990bcde72c7f208823228

          SHA256

          182bb19897769081946fc7b9a8fc935103fa8c4821d71f9c0f099d48c39ae0bd

          SHA512

          aea213a9e33c38bf8a08ffddb82093c0e6df0e9e3705296360756da69f29f80201386a3079eb65e4ae515545f555de8b8ae4a71a54edbca012956041b9f64a6d