Analysis

  • max time kernel
    148s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/05/2024, 20:24

General

  • Target

    0175ec3c769ece79d513caa040a11850_NeikiAnalytics.exe

  • Size

    70KB

  • MD5

    0175ec3c769ece79d513caa040a11850

  • SHA1

    315b004cfa187305081edd35043ee65d18fe820f

  • SHA256

    ae5b45da6155dfb98a93a1dc31ad4c68c242a45b0eb84e5f007bfec446a5d092

  • SHA512

    06b3dbbd360ce7af7b703ba39b93ced7ba4878d92a35a34e4c8bc919afcaea86b0fe7485d738c73806a6c534cd83c8be8c89fe407e5783cd7d0ff8a08e9d1a1d

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUs24g:+nyiQSohsUs0

Score
9/10

Malware Config

Signatures

  • Renames multiple (3434) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0175ec3c769ece79d513caa040a11850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0175ec3c769ece79d513caa040a11850_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1660

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

          Filesize

          71KB

          MD5

          a0ca600f21f84ecd2a190576dcd208fe

          SHA1

          f80955f8e16723a6602fc5b412fdca580d5184a3

          SHA256

          4bb3cf24a5aa7f6e379bda8961b45480d1ed8c2e56a4a1b975797b8c90217f0c

          SHA512

          ae1d206333ac17995467cfa06e30cd1a60d2bc727ce557bd7683af4fbb516baba7788e836aacb009d02437554e65142b5a40dfc9c31e09a9a0e3b8418292d0cc

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          80KB

          MD5

          d30434286cd5fedf8af17d9c92c3a7ce

          SHA1

          dbae19345e59f869c98e042c1d3231ff2a1389cd

          SHA256

          bbb14fe5b7f307e2243434ba08293cafab5129e330a74de53c0152996aecc6ca

          SHA512

          36310521df812259a5a5058861f66101984eb7ff097f24840b0041a396dca888b831244bcd52b17cbfbe2280b650a79ca2e6374ab97dbfd4387f78c25661273d

        • memory/1660-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1660-484-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB