Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/05/2024, 15:53

General

  • Target

    0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    0f2ef4f5c4b3d3f67cfb70e6ea8bd670

  • SHA1

    e521e128b8f6af8232c139c5b73ccf037a437885

  • SHA256

    5268f6d5820e881f6eee60a353e184c2148588aa2441ffcb4146be1a9bd3adab

  • SHA512

    0687a4c8a336fae394730370256a8981bea2c64a7a05c55107148ec4594ea38cd5c7de5ac772f4a782df6a0cbd1583999bbd8e9ce40cef5def333f3d6c6797f6

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8v:+nyiQSo0

Score
9/10

Malware Config

Signatures

  • Renames multiple (5100) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2672

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

          Filesize

          70KB

          MD5

          eeb8bffe0cd9fcff6c129329b80780a3

          SHA1

          5e84a0533f9f69fdcf29e128389d36cfac4b209b

          SHA256

          ec29925bc23d0a0a94407e7bdc0ac2ce77f63569966cb877d3e618c18d85cb0c

          SHA512

          7a917bf0044ff43a1f88a985286c49562463b905a3f9835aeab5dea6ebac05d5cba98dff6a4d2b5bb6d6402cd56e661d8579c6edf89a0f8870cf3173ccf6155d

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          169KB

          MD5

          6a17cc154c7a6a252cc83e4a7883e8bb

          SHA1

          84d4cfe04f6be031f70baca4adc96d8e25cb37a1

          SHA256

          161a4642087df62f2594d69507fedf60e7c16360d021daf058dc78504596b2e2

          SHA512

          bfa163fd5b6fc30772742e43323acb71ceffbe0c848a4d8ce08cb0e9c3d76339f89e91f95043f6d7bb1b036725f319acb5d2102e91fbeaba3a697f56599c9b63

        • memory/2672-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2672-1790-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB