Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/05/2024, 20:24

General

  • Target

    0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe

  • Size

    41KB

  • MD5

    0177bf1e7f4efce8d5f09d6b465ecde0

  • SHA1

    1d1fe4570ce54180dcdcbc38cb3c95712ec386fd

  • SHA256

    290acdbca4c4685524de159b1c8dcf3839d03362ea95d778f0e2fb29e2e99217

  • SHA512

    0896e3d01fec516df3c789b4afb1d6b7b925f8071200d90f9d337a9b84db910cded647e989c627c944961e840da9618a5205aeb870cb98bfeb6d614969d35ba5

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2o:CTWn1++PJHJXA/OsIZfzc3/Qo

Score
9/10

Malware Config

Signatures

  • Renames multiple (3736) files with added filename extension

    The original filename is kept and a new extension is appended, a pattern typical of ransomware encrypting the files on a system in place.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX. Packing on its own is not malicious (plenty of legitimate software ships UPX-packed); here it mainly means static analysis has to start by unpacking.

  • Drops file in Program Files directory 64 IoCs
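As an added example, not part of this report or of the sandbox's own signature logic, the Python script below implements the two checks an analyst typically runs by hand for the "UPX packed file" signature above: a PE section-table name match (UPX0/UPX1) and a per-section Shannon entropy measurement. The PE images it runs on are constructed inline by a small builder; the sample on this page is not embedded, and the section names, the 7.0 entropy threshold and the builder itself are assumptions.

```python
"""UPX packing heuristics for PE files: section names plus per-section entropy."""
import hashlib
import math
import struct

# Section names written by stock UPX; a "modified UPX" may rename them (assumption).
UPX_NAMES = (b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1")
HIGH_ENTROPY = 7.0  # bits/byte; assumed threshold, compressed data sits near 8


def pe_sections(data: bytes):
    """Walk the DOS/COFF headers and return (name, raw_offset, raw_size) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_verdict(data: bytes) -> dict:
    """Combine the name match (signature) with entropy (supporting evidence)."""
    secs = pe_sections(data)
    entropies = {n.decode(errors="replace"): shannon_entropy(data[p:p + s]) for n, p, s in secs}
    upx_named = any(n in UPX_NAMES for n, _, _ in secs)
    max_entropy = max(entropies.values(), default=0.0)
    return {
        "sections": list(entropies),
        "entropy": {k: round(v, 2) for k, v in entropies.items()},
        "upx_named": upx_named,
        "max_entropy": round(max_entropy, 2),
        "likely_packed": upx_named or max_entropy > HIGH_ENTROPY,
    }


def scan_file(path: str) -> dict:
    """Run the verdict on a real file (e.g. the sample described in this report)."""
    with open(path, "rb") as fh:
        return upx_verdict(fh.read())


# --- constructed test images below; none of this is the analysed sample ---

def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for compressed data."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_pe(sections) -> bytes:
    """Build a minimal PE32 image with the given (name, payload) sections, 512-byte aligned."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    opt_size = 224  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    headers_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF
    table, payload = bytearray(), bytearray()
    for name, body in sections:
        size = (len(body) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(body), 0x1000,
                             size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        payload += body.ljust(size, b"\0")
        raw_ptr += size
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    return image.ljust((headers_len + 0x1FF) & ~0x1FF, b"\0") + bytes(payload)


PACKED_SAMPLE = build_pe([(b"UPX0", b""), (b"UPX1", pseudo_random(4096)), (b".rsrc", b"\0" * 256)])
PLAIN_SAMPLE = build_pe([(b".text", b"\x90" * 4096 + b"\xC3"), (b".data", b"hello" * 100)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_verdict(img))
```

Feed `scan_file` the real binary to get the same dictionary for it. Renaming sections defeats the name check (which is what "modified UPX" usually means in practice), so the entropy signal is kept alongside it; conversely a large encrypted resource or an embedded certificate can push a section above 7 bits/byte on an unpacked file, so treat entropy as supporting evidence rather than a verdict.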

Processes

  • C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:788

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

          Filesize

          41KB

          MD5

          17796e673ee46bac14394045d7309d53

          SHA1

          e431cd0fdce177ca56ca6480fd6e465ca6e6194b

          SHA256

          9cec224efb2596b4ab6eb813d0cd172878a7094181f8a159477399185652c64c

          SHA512

          abc9cfb67c7ef581acb5304006bdfc8715e30070d9f125aedec6624e1c0ef994e727a11611f0232c558ca4872c4656c19590f0b4023ca6de7bac3ea68f1c53e1

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          50KB

          MD5

          43742567719e2817c16f40ec9556ec33

          SHA1

          2481f5061d1629c4e8c25376b23ff67526d8c338

          SHA256

          c4830e194235d768cf91dca0eb48f9e44b024c96f50abef4af026941cc5916a5

          SHA512

          5d9f5ae089447aee5efaebb37fe864eaa953d23b0c3033091132fd7918e68398a24d7f69837bbe8f472dbad85f65e2aa7a4945c01acbc220045b5f0556fd4e85

        • memory/788-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/788-74-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB
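The dropped-file list above shows existing filenames with `.tmp` appended, the pattern the "Renames multiple files with added filename extension" signature keys on, alongside writes under Program Files. As an added example that is not part of this report or the sandbox's detection code, the Python script below runs that logic over file-event log lines: it groups rename and write events by PID, counts renames of the form `name -> name.ext`, and flags writes into Program Files. The `pid op path [-> newpath]` line format, the sample events and the threshold of 3 are constructed for the example; a production rule would use a much higher threshold and real telemetry (Sysmon, ETW or the sandbox's own file monitor).

```python
"""Detect mass rename-with-appended-extension and Program Files writes from file events."""
import re
from collections import Counter, defaultdict

# Constructed log lines in a hypothetical "pid op path [-> newpath]" format; not sandbox output.
SAMPLE_EVENTS = """\
788 rename C:\\Users\\Admin\\Documents\\budget.xlsx -> C:\\Users\\Admin\\Documents\\budget.xlsx.tmp
788 rename C:\\Users\\Admin\\Pictures\\cat.jpg -> C:\\Users\\Admin\\Pictures\\cat.jpg.tmp
788 rename C:\\Users\\Admin\\Desktop\\report.docx -> C:\\Users\\Admin\\Desktop\\report.docx.tmp
788 rename C:\\Program Files\\Example\\readme.txt -> C:\\Program Files\\Example\\readme.txt.tmp
788 write C:\\Program Files\\Example\\config.ini.tmp
1234 rename C:\\Users\\Admin\\Desktop\\notes.txt -> C:\\Users\\Admin\\Desktop\\notes_old.txt
1234 write C:\\Users\\Admin\\Desktop\\out.txt
"""

EVENT_RE = re.compile(r"^(?P<pid>\d+) (?P<op>rename|write) (?P<path>.+?)(?: -> (?P<new>.+))?$")
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def parse_events(text: str):
    """Parse lines into dicts with pid, op, path and (for renames) new; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def appended_extension(old: str, new: str):
    """Return the extension if new is exactly old + '.' + ext (no directory change), else None."""
    if new.startswith(old + "."):
        ext = new[len(old) + 1:]
        if ext and "\\" not in ext and "/" not in ext:
            return ext.lower()
    return None


def analyze(events, rename_threshold: int = 3) -> dict:
    """Per PID: count appended-extension renames by extension and writes under Program Files."""
    per_pid = defaultdict(lambda: {"appended_ext": Counter(), "program_files_writes": 0})
    for e in events:
        stats = per_pid[e["pid"]]
        if e["op"] == "rename" and e["new"]:
            ext = appended_extension(e["path"], e["new"])
            if ext:
                stats["appended_ext"][ext] += 1
        target = e["new"] or e["path"]  # a rename into Program Files counts as a write there
        if target.lower().startswith(PROGRAM_FILES):
            stats["program_files_writes"] += 1

    findings = {}
    for pid, s in per_pid.items():
        flags = []
        for ext, n in s["appended_ext"].items():
            if n >= rename_threshold:
                flags.append(f"renames {n} files with added extension .{ext}")
        if s["program_files_writes"]:
            flags.append(f"writes {s['program_files_writes']} file(s) under Program Files")
        findings[pid] = flags
    return findings


if __name__ == "__main__":
    for pid, flags in analyze(parse_events(SAMPLE_EVENTS)).items():
        print(pid, flags or ["no findings"])
```

Counting per extension rather than per rename is what separates ransomware from a process that legitimately renames many files with mixed suffixes; the threshold is the tunable, and the 3736 in this report is far above anything a benign installer produces in two minutes.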