Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 01:37

General

  • Target

    80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    80672aeb9acf2d4a3cbf66be481f39f0

  • SHA1

    473905ce6cf7256d2e1220c6dc687f60ff7f3969

  • SHA256

    b95ca2adf5b966c0471262b8f9fe3b9740bc0461d7fc92f053d0cb62f4a15823

  • SHA512

    3a48249e07f3229b16361076584372476ddf40a398e7e4700a4aac849ab2c03a1994ce492fbad03993c334a3841ffba651a50ab74412f9eb3a59d957f74b9532

  • SSDEEP

    768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0z:W7ZNLpApCZrt8PWGoPWGBJ0CJ0z

Score
9/10

Malware Config

Signatures

  • Renames multiple (5357) files with added filename extension

    This suggests ransomware activity: encrypting all of the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 4416
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4212,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8
    PID: 1064

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

    Filesize
    46KB

    MD5
    96099b3894a1c40c7d56d199ff0523da

    SHA1
    714ccdaa7cb12b48d5848a977073f7648cf76dda

    SHA256
    580436b2cd7d6aefbc40f09962968ad4376fe53090f165a003d90665fbe2c273

    SHA512
    037bb73141b2917c097d51da94aaff925fd06c300cdfca6da2f7c7b93284e9c3b9146e9d73bf1e6bcfbba1498dc92d492aa8dd0cf5d0af4f8907686388ad2bf4

  • C:\Program Files\7-Zip\7-zip.chm.tmp

    Filesize
    158KB

    MD5
    a8aefbe124f820a9779e6b8febcdcc7b

    SHA1
    bea5ad8956472ab13fe5bd4768d21c20c3ee9dd7

    SHA256
    5ad538a58bb2467f6d294f7f7f540f4a4f0ad237c624e50edbd98fd71e8c0409

    SHA512
    76873a2860b775adbc0bd17766a4cbf4e9c15119058fffb7bdb3e0a63ede96d524b8681b774c31e017f5b0fd1dccadd72ec79de0818cc8b831874b0d9ad9e910