Analysis

  • max time kernel
    150s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/05/2024, 11:40

General

  • Target

    029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe

  • Size

    43KB

  • MD5

    029fdee291172faae67ad45d4541a520

  • SHA1

    99bbdcc98e8c9497c457ffc36a24068040cbaad5

  • SHA256

    01204386d084e6820be2f305f779634704dac91e51be36b843dbd44c6de5af97

  • SHA512

    da5181e7442d78992ab1d44f8abda8eb6e5aa9f8c6aa251b558b56f11ec65d439db60a9cc21769612321a708fa1b15d74f1a37978be19055bec41c706e0c7ab8

  • SSDEEP

    768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0h:W7ZNLpApCZrt8PWGoPWGBJ0CJ0h

Score
9/10

Malware Config

Signatures

  • Renames multiple (5028) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4256

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

          Filesize

          43KB

          MD5

          bda38c72f33a17eb7e668d9ef3819321

          SHA1

          80ecc6fd4ff7524de1bafd2c5d42a4eaff4b11f2

          SHA256

          044610d5f0b92bedc1e34583c3e51b4cf18f51cf7b36ef83baa4e801426b53f1

          SHA512

          1880c2e4cf71255a1e6a86e28e8001c9d22aaafedec1b8a4dca749375bac4c313edf1b66547777048791fefa118bed90e56c0df6e0fb66ab6f6c1c22cfe4395f

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          142KB

          MD5

          77514767c8d991949f17b91e8155b86a

          SHA1

          386ed36fb96dab548e72c7b87f89d0e32fd86b83

          SHA256

          266df762c5ac66594dbfbe61953828cbbd41ffa0aa9b7ff34fbe156572f1509f

          SHA512

          0168b05f70dd3f1182c16a744d5a7880181afbe00c333599cc5b1db2028a03d30a7537f126c0ecd4d9bd04c7544bdbdd13b388034912fd2a0dddab68bf210c5c