Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 12:03

General

  • Target

    a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe

  • Size

    99KB

  • MD5

    a2bbb491635c8db0e30ad050e4c87a30

  • SHA1

    8ffe7347c8fc3261ca72b85d7f6d9ea6edde92ab

  • SHA256

    a97140f20071a9ba268b8c445424f14e97f5533a811fa2104db6e748ea5e329d

  • SHA512

    71f2b126bc5b0bacba9ac601503e0faba61ce3e9a0794a237e903a1ea1bd115909917bc04dec67cef6f8793ba90b877c98d9ac8109eb875484f4c474b70b4841

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNcpo:6rWpcOPxPke+e3fFpsJOfFpsJbgEd

Score
9/10

Malware Config

Signatures

  • Renames multiple (3423) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and renaming them.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1740

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

    Filesize

    99KB

    MD5

    83ce38dd819df39b82762aa750bb84f2

    SHA1

    c0f3e165c9fff1a8da7e51b1ab6a2a09179b69ae

    SHA256

    735e01f290d82407d59c7b6dac000833645f345806ebf419f381d6277ed0b847

    SHA512

    0985f73a5402e9bb66e720697339c09f4e77c622142080ede438ed35006f274e3efab7224b99701e088272bc7391d5370c3092730e53913a47e014d373554c94

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    108KB

    MD5

    be11edb61c956963fa643cf09dafd412

    SHA1

    71b08463585f94c30d7897f99bc4fb503a0e4c7f

    SHA256

    98ff6e3f138be7b4148932c4c2112df1daa5817d02e259df99919b599ff422fd

    SHA512

    ccbf489bdb979ff011c2dfaa1695a9ee115c59e65a6a738e6c9be0be7032c31f1b01dfbe3a97948d87b0d50936edb14c9ef0f2513e45032553dca6803aa60230