Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/05/2024, 20:24

General

  • Target

    0175ec3c769ece79d513caa040a11850_NeikiAnalytics.exe

  • Size

    70KB

  • MD5

    0175ec3c769ece79d513caa040a11850

  • SHA1

    315b004cfa187305081edd35043ee65d18fe820f

  • SHA256

    ae5b45da6155dfb98a93a1dc31ad4c68c242a45b0eb84e5f007bfec446a5d092

  • SHA512

    06b3dbbd360ce7af7b703ba39b93ced7ba4878d92a35a34e4c8bc919afcaea86b0fe7485d738c73806a6c534cd83c8be8c89fe407e5783cd7d0ff8a08e9d1a1d

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUs24g:+nyiQSohsUs0

Score
9/10

Malware Config

Signatures

  • Renames multiple (1002) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0175ec3c769ece79d513caa040a11850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0175ec3c769ece79d513caa040a11850_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2468
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    PID:1400

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
    Filesize
    71KB
    MD5
    ae12ba0c70e417a03af2e5e0bc0b3e40
    SHA1
    493a529bab6c8820fff14de5d5ef0361946cc8e6
    SHA256
    a10ace6ef24003fcfc5859b7e4ea5230d5cefb2c3aa28a1a2b371ebd40c921d3
    SHA512
    d59b5e673b9b5aa37bf2e2ef864b8ed84b9367b0e60832819d120bec591dab155d54404a217264fc7a51f0e6e3e95bca27006f2650c591b6297ea85851d5ccd5

  • C:\libsmartscreen.dll.tmp
    Filesize
    70KB
    MD5
    da51dc8d1b75636e0bfd60da497b7205
    SHA1
    b243207ea83ec9b305f70b1351e4eb23326ba01f
    SHA256
    2b859ab6a863e71a6e2db39c63ef247ddd435114677b9ce09eca4a01798eb42c
    SHA512
    9e75936380fe237d1d40e66ec6db06d2a10955403b2db4498d8c17b2e44ea5e33d8e8c1c602f784e3a779b8c4777bd98fe78e173fb8b7f83ca41025e37533aec

  • memory/2468-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/2468-298-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB