Overview

overview

9

Static

static

7

122fa9de06...cs.exe

windows7-x64

9

122fa9de06...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-05-2024 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    122fa9de06f2dcc350a0bc7fe4069450_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    122fa9de06f2dcc350a0bc7fe4069450

  • SHA1

    a8e3803d33651665458ff09dbbe14e4a3da971ce

  • SHA256

    516198bbe20a09a140ce54c73346caaeebfa91f87a0c42b3e4119f9436c65d30

  • SHA512

    96e8043f43a5e6083a4f3f5448da83fa058a880fb0e21a87727faefe6aa48ce100541af2716ec7af32a97071e8193e8db5fc3231bdf89c32f9bda00c661bec2c

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZISWh7SWh3:+nyi/SWh7SWh3

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5187) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\122fa9de06f2dcc350a0bc7fe4069450_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\122fa9de06f2dcc350a0bc7fe4069450_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4268
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4256,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:8
    1⤵
      PID:3688

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
      Filesize

      69KB

      MD5

      f140bc60e8f78e0127dbfe13c44d6af6

      SHA1

      3e9247f0f863fc0bfa3e44c7167f5740725ff395

      SHA256

      2a8a6441d2dd71a93c8b317f56c76ade82ebb1af2cfa9e167b349f51fd3aa4d2

      SHA512

      7ce7a3ad13af6eac08ad39e227d3292348479c4d2c5f7406a6c1b849283d4dbf39c3777cd3988642a1bfa3640c6b89e5e26b0b2969b5fef9c85ddcdf36c810ed

      Download Submit

    • C:\Program Files\7-Zip\7-zip.chm.tmp
      Filesize

      182KB

      MD5

      30b704a27e98f6043e8b1e216f4c8d5c

      SHA1

      3c03272b79106c17e5b5f0b1755196780c2ab7c5

      SHA256

      1fd3635d850b5986c21865f18b6e1291015857dd082a27b4e4985deed6095ee7

      SHA512

      fe3d5dd83b7dc6d2b8254e50d2b3939c01c105183df1ffca2b8c52c0e2d65df695c74c33a161f33ce18b050c3f517f4be643b57ff18285f64e59a7d37e63d473

      Download Submit

    • memory/4268-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/4268-1892-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download