Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 00:52

General

  • Target

    16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe

  • Size

    118KB

  • MD5

    16d3aaf8c4dd2cf52b58b23843b11980

  • SHA1

    9e921ee6fbace34391a5fb95889b3a938ab19caf

  • SHA256

    c1ca2383439b982a263918a75afe704e430864459854b05f6f31f3989d4641ca

  • SHA512

    2aa7af6bc4f6e5e4b3813ace1f58645207ed2887882555335b164019d713d3ee2de37ecceb411ed0e139a612508f67df15f790cb9d9661fb1c64f5ebf6350e9b

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfli4:hfAIuZAIuYSMjoqtMHfhflixit

Score
9/10

Malware Config

Signatures

  • Renames multiple (4659) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2108

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

          Filesize

          118KB

          MD5

          a989f509a7185abb812e6d8cfa0d058f

          SHA1

          862122b3ef3d1e2746ad204405a9441a58b0737e

          SHA256

          d962a8e2e8cc389e998f9dce1fcb5523ced0291950c23c69ddebaa685770a0b5

          SHA512

          99c62dc9373cbcbb623d6ea4d7558abff2753b1eeccba56f1556edd3cfb66ccd3e48800ca4aa1ba0158acc8704d929dc4e588072c728b30d7c35530ec3d8f3f0

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          217KB

          MD5

          8e9bd28208dee54b567ff0456ad05e77

          SHA1

          40181a1f10274c695a5e7e05acb60fdc1606215a

          SHA256

          12bab8c9129facd201ab2a36d5260c5c9a33d1b8b83e2b80367eaea670c28ff8

          SHA512

          253fe428c895be521c92b52f253e43ea80ea3a9f78932245776b06a1238e17d0d4cf30c484e9c447c477158c8ac24f0ed876c2a4bca3e932023d73f969f038ff

        • memory/2108-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2108-802-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB