Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/05/2024, 14:06

General

  • Target

    e2ada3f6a5975229315a4c694d880030_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    e2ada3f6a5975229315a4c694d880030

  • SHA1

    adda49d6120c1cc215ca8c5ba3ce009bc9ef2cd2

  • SHA256

    2404a3b2c5719b69a589c0cb22bb7951761a4c2a9b5e07fc1ebfcc2ee425cda4

  • SHA512

    cba4b600020398793c192453487bb44e86d754d2d5acea0fd3fa8f4fd5cb3ae9b2a715b02e71738bcf39d08ac862faceb07010a417539e4622616bda9a1b8514

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/V6g:6e7WpMaxeb0CYJ97lEYNR73e+eKZP

Score
9/10

Malware Config

Signatures

  • Renames multiple (5093) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2ada3f6a5975229315a4c694d880030_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e2ada3f6a5975229315a4c694d880030_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4504

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

    Filesize

    78KB

    MD5

    34cdd1fcb448d37025ba902439747ddb

    SHA1

    1e6195d3e8ddf2ce2a7aeb72dbf584fe253491c9

    SHA256

    6a7df50476750ab71c53a1683d0bec45cbc919b8ae8a963cc34191b9f5ccf6f6

    SHA512

    601bbeefa9d6d0f037d960772ca6e1379f78e4ce805bcd4178d1041281bf40fabd664fe42b09b7b3e2ccb61973275cc87ffd12d619c0771135ae473c626191f3

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    177KB

    MD5

    3aac64cd4d2aeb22e0e58ae97e4f167c

    SHA1

    2ee0ef4db705f785427c44e1081da498479f1ad6

    SHA256

    59e67551a78cc4cb59b373543305ff397a2e612f5b3ee36556a10fe93b4a4d28

    SHA512

    065b2b25cdd8714885401577226f1c0847a12d23de2c3e4167019e495ffec85286c372fbc828cf129950d42cb42613243f6af0a405bde1151dcf14afdd639159