Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/05/2024, 15:53

General

  • Target

    0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    0f2ef4f5c4b3d3f67cfb70e6ea8bd670

  • SHA1

    e521e128b8f6af8232c139c5b73ccf037a437885

  • SHA256

    5268f6d5820e881f6eee60a353e184c2148588aa2441ffcb4146be1a9bd3adab

  • SHA512

    0687a4c8a336fae394730370256a8981bea2c64a7a05c55107148ec4594ea38cd5c7de5ac772f4a782df6a0cbd1583999bbd8e9ce40cef5def333f3d6c6797f6

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8v:+nyiQSo0

Score
9/10

Malware Config

Signatures

  • Renames multiple (578) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe"
    PID: 2812
    • Drops file in Program Files directory

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

    Filesize: 70KB
    MD5: 3e6ebb1d10c062624872850cc8404e19
    SHA1: cd52d71d0f53fa8874b6eb4dbea32eeda650662c
    SHA256: e2733fb4a7092dee99a4de26864d63e6e3004effcc22eeb14e1116e5cc9b3a98
    SHA512: 802f0dc775a29fa259ddf7cb58c357de01a51ddc6affc3ac5ee557758308d4ffdf709b08bf11232bf4b50291d467a87bdf4f79b81877267a98d756a42bf23d13

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize: 79KB
    MD5: b3b3d05e72fd3e3f75140148d771620b
    SHA1: 7d6ccfd3fe1dea8de7740efb641e94ec84b48805
    SHA256: 0a7d91b50eabbf8fd2a480dee7c39f4e8834cf0ee53168c3b91752eef8c2a2ec
    SHA512: 39400ecb670ef84477f6d73a1fd19cc27d008579c3911b90e48ade4a701eaaef2a46436da2d8e8e62337f8d1adfbeb426003822e86e98f3fb9c904aae52aefaf

  • memory/2812-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB

  • memory/2812-68-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB