Analysis

  • max time kernel: 150s
  • max time network: 119s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 30/05/2024, 14:06

General

  • Target: e2ada3f6a5975229315a4c694d880030_NeikiAnalytics.exe
  • Size: 78KB
  • MD5: e2ada3f6a5975229315a4c694d880030
  • SHA1: adda49d6120c1cc215ca8c5ba3ce009bc9ef2cd2
  • SHA256: 2404a3b2c5719b69a589c0cb22bb7951761a4c2a9b5e07fc1ebfcc2ee425cda4
  • SHA512: cba4b600020398793c192453487bb44e86d754d2d5acea0fd3fa8f4fd5cb3ae9b2a715b02e71738bcf39d08ac862faceb07010a417539e4622616bda9a1b8514
  • SSDEEP: 1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/V6g:6e7WpMaxeb0CYJ97lEYNR73e+eKZP

Score: 9/10

Malware Config

Signatures

  • Renames multiple (3263) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2ada3f6a5975229315a4c694d880030_NeikiAnalytics.exe (PID 1652)
    Command line: "C:\Users\Admin\AppData\Local\Temp\e2ada3f6a5975229315a4c694d880030_NeikiAnalytics.exe"
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
    Filesize: 78KB
    MD5: 48e0df2f0170a948246a7b05fa68af78
    SHA1: 7eb0f9bc84936a124e9eed58b515fbc459d7b7c9
    SHA256: b4fa6fbdbfcd2284d3a39cde8a8c4870c4ea55801b7e385b7fdad6e7afe015d5
    SHA512: 2a7da50e7ceed1e315c59d7f36196a6658e1507f959c97b4fc7336771295aa6f0974549f4be35f5ee4c9be5f99cd7937445a2cfc622a19c56c0e9a37903f8536

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 87KB
    MD5: df672fa1fd5e1226a492306d90404d50
    SHA1: 01d43e484568e53f779e1e62b48bd83a4ecacfbb
    SHA256: 417edfe9ff4d30fa22dc89aff700aa718b76c28003ef3b1daa398551b872671e
    SHA512: 64d195d02bfed1e974c4e8ec9f0fe1ea9394ffba0f13cc0d170c4d722d80b29f026389b2ccce96d659f0665c009bb9971fc705f100cc887410e241889342388b