Analysis

  • max time kernel
    149s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-06-2024 12:03

General

  • Target

    a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe

  • Size

    99KB

  • MD5

    a2bbb491635c8db0e30ad050e4c87a30

  • SHA1

    8ffe7347c8fc3261ca72b85d7f6d9ea6edde92ab

  • SHA256

    a97140f20071a9ba268b8c445424f14e97f5533a811fa2104db6e748ea5e329d

  • SHA512

    71f2b126bc5b0bacba9ac601503e0faba61ce3e9a0794a237e903a1ea1bd115909917bc04dec67cef6f8793ba90b877c98d9ac8109eb875484f4c474b70b4841

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNcpo:6rWpcOPxPke+e3fFpsJOfFpsJbgEd

Score
9/10

Malware Config

Signatures

  • Renames multiple (4832) files with added filename extension

    Renaming thousands of files by appending a new extension is the file-system footprint of ransomware encrypting files across the system; the sandbox fires this signature on the volume of such renames, not on inspection of the rewritten content.

  • Drops file in Program Files directory (64 IoCs)
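
The two signatures above are volume-based: a process that turns `desktop.ini` into `desktop.ini.tmp` and `7-zip.dll` into `7-zip.dll.tmp` thousands of times looks the same whether it is encrypting or merely renaming. The report does give one extra clue a triager should check: `desktop.ini.tmp` is 99KB, the sample's size, with a hash different from the sample's, so it is neither a plain rename of a real `desktop.ini` (a few hundred bytes) nor a self-copy. The following script is an added example, not part of the sandbox report or its tooling; it re-implements the "renames multiple files with added filename extension" check over constructed rename events (the first two mirror the report's drops, the rest are invented to exercise the logic) and classifies the listed drops against the sample hash and size. The threshold of 3 and the `pid src -> dst` event format are assumptions for this demo; the sandbox's own threshold and event format are not published on the page.

```python
from collections import Counter, defaultdict
import ntpath

# Hashes and sizes copied from the report above: the sample and the two dropped files it lists.
SAMPLE_MD5 = "a2bbb491635c8db0e30ad050e4c87a30"
SAMPLE_SIZE_KB = 99
DROPPED = {
    r"C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp":
        ("6e35c3dd272deef4da549f8b163e37ea", 99),
    r"C:\Program Files\7-Zip\7-zip.dll.tmp":
        ("34f488e43997184fc7ba1210de270506", 198),
}

# Constructed rename events ("pid src -> dst"), standing in for the 4832 the sandbox recorded.
# The first two mirror the report's drops; the rest are invented to exercise the logic,
# including a single rename by another PID that must stay below the threshold.
EVENTS = r"""
1736 C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini -> C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp
1736 C:\Program Files\7-Zip\7-zip.dll -> C:\Program Files\7-Zip\7-zip.dll.tmp
1736 C:\Program Files\7-Zip\7z.exe -> C:\Program Files\7-Zip\7z.exe.tmp
1736 C:\Users\Admin\Documents\report.docx -> C:\Users\Admin\Documents\report.docx.tmp
1736 C:\Users\Admin\Documents\notes.txt -> C:\Users\Admin\Documents\notes.txt.tmp
4 C:\Windows\Temp\setup.log -> C:\Windows\Temp\setup.log.bak
"""


def parse_events(text):
    """Parse 'pid src -> dst' lines into (pid, src, dst) tuples. Paths may contain spaces."""
    events = []
    for line in text.strip().splitlines():
        pid, rest = line.split(" ", 1)
        src, dst = rest.split(" -> ", 1)
        events.append((int(pid), src, dst))
    return events


def added_extension(src, dst):
    """Return the appended extension (e.g. '.tmp') when dst is src with one more
    extension tacked on in the same directory; None for any other rename."""
    same_dir = ntpath.dirname(src).lower() == ntpath.dirname(dst).lower()
    if same_dir and dst.lower().startswith(src.lower() + "."):
        return dst[len(src):]
    return None


def mass_rename_signature(events, threshold=3):
    """Per PID, count renames that only append an extension; report PIDs at or above
    threshold with the extensions used and how many renames landed under Program Files.
    threshold=3 is an assumption for this demo, not the sandbox's published value."""
    per_pid = defaultdict(Counter)
    program_files = Counter()
    for pid, src, dst in events:
        ext = added_extension(src, dst)
        if ext is None:
            continue
        per_pid[pid][ext] += 1
        if dst.lower().startswith(r"c:\program files"):
            program_files[pid] += 1
    hits = {}
    for pid, exts in per_pid.items():
        total = sum(exts.values())
        if total >= threshold:
            hits[pid] = {"count": total, "extensions": dict(exts),
                         "program_files": program_files[pid]}
    return hits


def classify_drops(dropped=DROPPED):
    """Separate self-copies (MD5 equals the sample's) from rewritten files, and flag
    outputs whose size matches the sample even though the hash does not."""
    result = {}
    for path, (md5, size_kb) in dropped.items():
        result[ntpath.basename(path)] = {
            "self_copy": md5.lower() == SAMPLE_MD5,
            "size_matches_sample": size_kb == SAMPLE_SIZE_KB,
        }
    return result


if __name__ == "__main__":
    for pid, info in mass_rename_signature(parse_events(EVENTS)).items():
        print(f"PID {pid}: {info}")
    print(classify_drops())
```

On the constructed events only PID 1736 crosses the threshold, with every rename appending `.tmp` and two of them under `Program Files`, which is the shape of the two signatures in the report. `classify_drops` shows neither listed drop is a self-copy; the 99KB `desktop.ini.tmp` with a non-sample hash is the detail worth pulling for a closer look, since a rename alone cannot produce it.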

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1736

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

    Filesize

    99KB

    MD5

    6e35c3dd272deef4da549f8b163e37ea

    SHA1

    a46d3ce22988d64b5a00e16866448c11c1294880

    SHA256

    c2c59d6d4e3ce69d7465414b14a7f1b7341a1015a6a1a7fb883bbd1973a139c9

    SHA512

    8589c2c1a29b8fc6428ef25c1b60ea10d8bf09825a48818398445cd60702403775079e93af93a8e012a688def28d4c42f1fa87517ed7c2e3ff337fd387a9fd0f

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    198KB

    MD5

    34f488e43997184fc7ba1210de270506

    SHA1

    1dcf26fb5829549b50075f39ba5fa233fd493a89

    SHA256

    944bc4348c146a6f9ba27c55cf3f2c8f4eb5c0665249b339c27173e0d0c06740

    SHA512

    01e05b911cab034ac47692a88984e80453e3c3ba4821b1cf57ead47b3699428a4a0131c6f6325495e58a9e2626a15702239cf471c9c74851bfbc6947ae2240f9