Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/05/2024, 07:28

General

  • Target

    38d3c844d10b35f5cb77b90ada3795b0_NeikiAnalytics.exe

  • Size

    43KB

  • MD5

    38d3c844d10b35f5cb77b90ada3795b0

  • SHA1

    f85239d73319dc11cdc9988df314949cce96c76c

  • SHA256

    c4fe5d10656390113bc12e0f52f809db26774f25fd1ca32b8ff06980825a142f

  • SHA512

    f822fa4af9dc9717c95707cd6d1acc8b7a384ae05e7cb0aedf500261585337ec0eb07f5e1bcee5d7ca16496fa98fb7ff121a868b8af7afff4b56d8deee376ef8

  • SSDEEP

    768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ02asvasg:W7ZNLpApCZrt8PWGoPWGBJ0CJ0d

Score
9/10

Malware Config

Signatures

  • Renames multiple (3814) files with added filename extension

    Mass in-place renames that append a new extension to existing files are the file-system footprint of ransomware encrypting user data across the system; 3814 renamed files in one short run, all from a single process, is consistent with that behaviour.

  • Drops file in Program Files directory (64 IoCs)
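The two signatures above are behavioural heuristics rather than static indicators. As an added example (this is not the sandbox's own signature engine, and none of it comes from the report), the following detector implements the first heuristic over file-rename telemetry: it flags any process that renames many files in place such that the new name is the old name plus one appended extension. The event record layout, the PID values, the paths and the threshold of 50 are all constructed assumptions; real Sysmon/ETW/EDR rename events would be mapped into `RenameEvent` first.

```python
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class RenameEvent:
    """One file-rename event. Field layout is this example's own assumption."""
    pid: int
    src: str
    dst: str


def added_extension(src, dst):
    """If dst is src with exactly one extra '.ext' appended, in the same
    directory, return that extension lower-cased; otherwise return None."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent:            # moved elsewhere: not an in-place rename
        return None
    sname, dname = s.name.lower(), d.name.lower()
    if not dname.startswith(sname + "."):
        return None
    ext = dname[len(sname):]            # e.g. ".locked"
    if ext.count(".") != 1 or len(ext) < 2:
        return None
    return ext


def analyse(events, threshold=50):
    """Count added-extension renames per PID.

    Returns {pid: (total_renames, dominant_extension)} for every PID at or
    above `threshold`. One process appending the same extension to hundreds
    of files is the pattern the report's signature describes; the threshold
    of 50 is an assumption chosen for this example."""
    per_pid = {}
    for ev in events:
        ext = added_extension(ev.src, ev.dst)
        if ext is not None:
            per_pid.setdefault(ev.pid, Counter())[ext] += 1
    hits = {}
    for pid, exts in per_pid.items():
        total = sum(exts.values())
        if total >= threshold:
            hits[pid] = (total, exts.most_common(1)[0][0])
    return hits


def constructed_events():
    """Constructed telemetry for the demo; not taken from the sandbox run."""
    evs = [RenameEvent(3068, rf"C:\Users\Admin\Documents\doc{i}.docx",
                       rf"C:\Users\Admin\Documents\doc{i}.docx.locked")
           for i in range(60)]
    evs += [
        RenameEvent(3068, r"C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\desktop.ini",
                    r"C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\desktop.ini.locked"),
        # benign: an editor saving a new version (basename changes, no extra ext)
        RenameEvent(1200, r"C:\Users\Admin\report.docx",
                    r"C:\Users\Admin\report_v2.docx"),
        # benign: a single backup rename, far below the threshold
        RenameEvent(1200, r"C:\Users\Admin\notes.txt",
                    r"C:\Users\Admin\notes.txt.bak"),
        # not in place: file moved to another directory, so not counted
        RenameEvent(3068, r"C:\Users\Admin\a.txt",
                    r"C:\Users\Admin\Old\a.txt.locked"),
    ]
    return evs


def demo():
    """Run the detector over the constructed events."""
    return analyse(constructed_events())


if __name__ == "__main__":
    for pid, (n, ext) in demo().items():
        print(f"PID {pid}: {n} in-place renames appending '{ext}'")
```

The per-process grouping matters: a backup tool or editor may legitimately append `.bak` to a handful of files, and a move into another directory is not the pattern, so only a single PID appending one extension to many files in place crosses the threshold.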

Processes

  • C:\Users\Admin\AppData\Local\Temp\38d3c844d10b35f5cb77b90ada3795b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\38d3c844d10b35f5cb77b90ada3795b0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 3068

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

          Filesize

          44KB

          MD5

          1486f6cf975dd5364539d9a575770ff2

          SHA1

          d7c39f4ac212c4fc3b88f7aa6fcfe5fc11ea6c93

          SHA256

          8575eb2a73e180282553cfa2d17671bf50611ea4010ff5543f5b6ee76015841e

          SHA512

          3b144d0271aaa608accb6d61306341ed6adcb5bf4a404cb303e495207eaa2df2852e985720a5a76a6e25a83a2a1a5cb665c64717db72812faf1686efc1a2c423

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          53KB

          MD5

          be3c7130ba1fdcf5fbb13112304a4a49

          SHA1

          1e98d92da4bda37f0d26d3d3851d297a245dd67c

          SHA256

          40fa4dad48bde0c49c86d7ab7a18b889d155377052b73276c63f13131813ef8c

          SHA512

          dbfe8bd93e81355310b63547a4b4f761b6a8349ee3beb0fc08a72f140d0265c14e156589112e90c6125a88d9100b65e942a380b1b26447082ceec627a2d73fbf