Analysis

  • max time kernel: 150s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240508-en
  • resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted: 08/06/2024, 02:33

General

  • Target: 842b0b42081097e5c95fc08710ee8e20_NeikiAnalytics.exe
  • Size: 249KB
  • MD5: 842b0b42081097e5c95fc08710ee8e20
  • SHA1: 1c5f93ea0b5d1e8944f7c813d2388b7a96745320
  • SHA256: 0176e4ea126a0d0c12358b09de279561c826461dec0dcba8974c43a81ba0ab5a
  • SHA512: f9da00358efad684112de6643034fa251ee2dbda7435bb9b9d1ee0d65d89e81387a2ad9239ad8435cf9ad8c90f23090b1b7f74890c42370ba7083308dfa5f994
  • SSDEEP: 6144:KmCAIuZAIuDMVtM/sg8fAIuZAIuDMVtM/sgY:IAIuZAIuOBgOAIuZAIuOBgY

Score: 9/10

Malware Config

Signatures

  • Renames multiple (3087) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\842b0b42081097e5c95fc08710ee8e20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\842b0b42081097e5c95fc08710ee8e20_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2908

Network


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
          Filesize: 249KB
          MD5: 9a15f127f1ae03461fdafe4c0c89c301
          SHA1: 6e960ff51ef7e2facfa2ddd8a145ccb2f9b10040
          SHA256: 7af320996c2dcac096bf48f425051c7830f12649616e8db695cdeee20f6e6fbc
          SHA512: d99547384e0b26533d56508a191a7ce4011e380e79a0f878a20d3b078d442bea16a39c9b324a1243a7f332dd1a7ef6900480ac5b4402e8f323ea657f35e0ffb8

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize: 258KB
          MD5: 9f9d101a716936fa8a5a3bc1d1d1728e
          SHA1: 81654d38f6e7d6ae656a65411484b80db9cd82f0
          SHA256: 2a2254a7a9495390c8461b050ce53db95f640bbeec604efa0fb085018b334664
          SHA512: 3fe39464798b02a740b7cf11b721ba2f1dba5b5787ccbbc3ddde25ae6bef1dbff9a44625d9a12b2b8125f6c79a145a498c1bd6482d845d1746ada5167383098e

        • memory/2908-0-0x0000000000400000-0x000000000040B000-memory.dmp
          Filesize: 44KB

        • memory/2908-450-0x0000000000400000-0x000000000040B000-memory.dmp
          Filesize: 44KB