Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 00:52

General

  • Target

    16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe

  • Size

    118KB

  • MD5

    16d3aaf8c4dd2cf52b58b23843b11980

  • SHA1

    9e921ee6fbace34391a5fb95889b3a938ab19caf

  • SHA256

    c1ca2383439b982a263918a75afe704e430864459854b05f6f31f3989d4641ca

  • SHA512

    2aa7af6bc4f6e5e4b3813ace1f58645207ed2887882555335b164019d713d3ee2de37ecceb411ed0e139a612508f67df15f790cb9d9661fb1c64f5ebf6350e9b

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfli4:hfAIuZAIuYSMjoqtMHfhflixit

Score
9/10

Malware Config

Signatures

  • Renames multiple (3151) files with added filename extension

    This suggests ransomware activity: renaming thousands of files by appending a new extension is typical of a sample encrypting the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1688

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

          Filesize

          118KB

          MD5

          443bb19371cfbcedec2b6f338399cabd

          SHA1

          389c576b4665200219e062d7c393fa12c4652ea4

          SHA256

          34070ba0cf95d123be1952629e5ab0947835f87d2f5d726bb8da222b427c6544

          SHA512

          b4df57a98aa434d842ebe016bf430553cd15dae43952c4fd17482b30695de395506424ab4a7b2d8e7ca2a905c7dd640113c1e336e6b41c09310a9ae53e53b018

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          127KB

          MD5

          bf2168f56c5f25302c7e7cbfccbe40e0

          SHA1

          192dc44376707d652d5fb6d2c51b56f588039bf3

          SHA256

          c071c4c157bab685530c943181df278ca19566bf5e7275626a0ee71adc238952

          SHA512

          ed485e165897bade2cc2675b460692636c06727c085aa88b640311d130898c0e4bf86024a784e2f40a0a4814a5a034a352b471e3a62cdec7dc01cbfaa7f23847

        • memory/1688-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/1688-74-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB