Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 01:37

General

  • Target

    80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    80672aeb9acf2d4a3cbf66be481f39f0

  • SHA1

    473905ce6cf7256d2e1220c6dc687f60ff7f3969

  • SHA256

    b95ca2adf5b966c0471262b8f9fe3b9740bc0461d7fc92f053d0cb62f4a15823

  • SHA512

    3a48249e07f3229b16361076584372476ddf40a398e7e4700a4aac849ab2c03a1994ce492fbad03993c334a3841ffba651a50ab74412f9eb3a59d957f74b9532

  • SSDEEP

    768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0z:W7ZNLpApCZrt8PWGoPWGBJ0CJ0z

Score
9/10

Malware Config

Signatures

  • Renames multiple (3762) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and appends an extension to each.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1736

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

          Filesize

          46KB

          MD5

          c124294ef07335e116e5fee1a5a78fef

          SHA1

          0929fc04e4f2affbcc6fce382962de9467bd0217

          SHA256

          dd5434b92487fa6150f17c68f0b54e0ff8b4de6fc85b0daf8d9990fc452e83ba

          SHA512

          26f2ae5cb074869bc6cb9ce26e4dcaed70c96af441979463547fb2dc6ad22de40ab125d4d2bae364b4ee2edf92c65ffd281b8557521cc8e943429749f374175f

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          55KB

          MD5

          638dd072a696f28f71d4a55b261bfa98

          SHA1

          65433e9a7f6649b65d38f82b75a02c6a8b3785e7

          SHA256

          998c6fd4921a6f93cbda74469061b54dfdb5cbeb732b3c22f621313716f401fa

          SHA512

          26ba37badc1eb24a0eae167acaaa58687f6168db47b67a3958a2a55fe10f04c06212790ae6bba58b5dff908e3e34908e8607264414bd79e02b3aabaf25ae0e5a