Analysis

  • max time kernel
    153s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/05/2024, 20:24

General

  • Target

    0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe

  • Size

    41KB

  • MD5

    0177bf1e7f4efce8d5f09d6b465ecde0

  • SHA1

    1d1fe4570ce54180dcdcbc38cb3c95712ec386fd

  • SHA256

    290acdbca4c4685524de159b1c8dcf3839d03362ea95d778f0e2fb29e2e99217

  • SHA512

    0896e3d01fec516df3c789b4afb1d6b7b925f8071200d90f9d337a9b84db910cded647e989c627c944961e840da9618a5205aeb870cb98bfeb6d614969d35ba5

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2o:CTWn1++PJHJXA/OsIZfzc3/Qo

Score
9/10

Malware Config

Signatures

  • Renames multiple (1060) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    • PID: 3580
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
    • PID: 2140

Downloads

          • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

            Filesize

            41KB

            MD5

            eb1923faaebea5b20492839814ad99d5

            SHA1

            73ad261532b66dcb32bf31d8ecd0d18cbdad7d1b

            SHA256

            9129031e4e07485488d432cf2c2b7a6fc5a4c51b533ae972da0d135ae1df28ba

            SHA512

            48ea34548404b5456f3d2fed94a607ce78fbcb835f3db826f03849bc2a45c47a8c8de3a8d898801e6db886b27b510f20933c53eccd12f67f8b5718cf1a56a2ca

          • C:\libsmartscreen.dll.tmp

            Filesize

            41KB

            MD5

            0d8cda956c4df40e1d7f1b8995beff99

            SHA1

            7dfdc2324c8b94260349510ef07c187d0b8d3f5f

            SHA256

            ef6e77ac7ac01085fb0310fe2092ca0a4ea5322af9bf531008a55b2ecae91409

            SHA512

            1681b507cacb92065fabee4fa993179e5170427a0befdb5c4e9af7f21030e2c4648d87bf0f5e380ccf8fe5f93f8d1b260d8663232f9e18337535cc72ef0f09bb

          • memory/3580-0-0x0000000000400000-0x000000000040A000-memory.dmp

            Filesize

            40KB

          • memory/3580-66-0x0000000000400000-0x000000000040A000-memory.dmp

            Filesize

            40KB