General

  • Target

    a3b3dc8599081dd6039de4b87ac47a00_NeikiAnalytics.exe

  • Size

    122KB

  • Sample

    240603-pttwcsga35

  • MD5

    a3b3dc8599081dd6039de4b87ac47a00

  • SHA1

    c364252c47b0ee1d6d8c96b0ec465eb3327898ae

  • SHA256

    c937b35a1758f77fc6728f9ee6dc32b66d8ddc1eb0deb1a600a472b24221ae68

  • SHA512

    9ca0ad0e369e77a7e2d833aaee96df2f38592191ba48ed83778165ad41856a51247f4827b05d70ee1bb3dc5cca5826dda7c147e3f10a5e4f9e84386e9f304bfc

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZi7Zf/FAxTWY1++PJHJXA/OsIZV:+nyibnyi8

Score
9/10

Targets

    • Target

      a3b3dc8599081dd6039de4b87ac47a00_NeikiAnalytics.exe

    • Renames multiple (4068) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
