Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 12:43

General

  • Target

    a3d385dc46d545e6c53be1a36e324fc0_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    a3d385dc46d545e6c53be1a36e324fc0

  • SHA1

    a9b131246fffde5cbcdc6f2ee44fb8470c85f129

  • SHA256

    58b6b98a4ea5b3513adac0726a1cb74a6e25c3730a6f8bbbb9681f0da122812b

  • SHA512

    7b2ba22dbc27f511e29268e276806e57f61eff23c409f7d2fd759784948c4f54f0380843946eb3b44a20e90038657b73db085a8deaaf5970abed867a9c0677a1

  • SSDEEP

    768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJi:W7Z9pApQESOHepOHe8G+6E65TGA3vICU

Score
9/10

Malware Config

Signatures

  • Renames multiple (3708) files with added filename extension

    This suggests ransomware activity: the sample is encrypting all files on the system and appending an extension to each.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3d385dc46d545e6c53be1a36e324fc0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a3d385dc46d545e6c53be1a36e324fc0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2436

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

    Filesize

    73KB

    MD5

    695f94bdfbfd907f6e5a4fa2181af188

    SHA1

    f8318ea277c7cdee09792a0e4ebb5a485a0dab6a

    SHA256

    a0ae23f99d4d0680cd9762956bcd9f22147cf6d886ad93799c4ade58b9ff1876

    SHA512

    1a1f35879f03724d8c104386376c78212c4b561a00ca961f4b46f288046cd4174e07cd7b3e2e7a6bc4cc546a7432daa530d515f919f8a3aaf712c2def65d411b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    82KB

    MD5

    07b1c4b3b400cc5e664b5a39e5b4c56e

    SHA1

    30b8815ec61d0d045f52c25bb3a1b739fd5e886e

    SHA256

    933fa5ae9b92fb6bc14b90af8de288dcd5be8c8e160128b3cf3016a8f205ca6e

    SHA512

    3b987ccdac97244e6cc79648c5d54da3d426590aea505b049a33552c5bf3d1c7a8e912624299c885e735cab484819f3c0ccc354a1153271249177684aec4d648