Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 02:33

General

  • Target

    842b0b42081097e5c95fc08710ee8e20_NeikiAnalytics.exe

  • Size

    249KB

  • MD5

    842b0b42081097e5c95fc08710ee8e20

  • SHA1

    1c5f93ea0b5d1e8944f7c813d2388b7a96745320

  • SHA256

    0176e4ea126a0d0c12358b09de279561c826461dec0dcba8974c43a81ba0ab5a

  • SHA512

    f9da00358efad684112de6643034fa251ee2dbda7435bb9b9d1ee0d65d89e81387a2ad9239ad8435cf9ad8c90f23090b1b7f74890c42370ba7083308dfa5f994

  • SSDEEP

    6144:KmCAIuZAIuDMVtM/sg8fAIuZAIuDMVtM/sgY:IAIuZAIuOBgOAIuZAIuOBgY

Score
9/10

Malware Config

Signatures

  • Renames multiple (4673) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\842b0b42081097e5c95fc08710ee8e20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\842b0b42081097e5c95fc08710ee8e20_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:456

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
    Filesize
    249KB
    MD5
    a33391fed91c742b2c3bad7d82d910d8
    SHA1
    94b7e1d88cf63cb6a42638bdba733fbe90ad14fe
    SHA256
    56ade64479e8c318649e681759346241386df3738c1c07a890990aab2c772430
    SHA512
    64992275b842a98a51a5142a6ae4de1f59b4dae5c0b8660dfc27359302d21ee3f4892de48b7d9c49846f9569acbcc5212c48458dfa521168a2fe88936ebcd812

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    348KB
    MD5
    731bf1fd39b8a3196899eccdb2ee60fe
    SHA1
    8c3fcb7442cdb1eb6a29f9337a77ce969b95f2f3
    SHA256
    443d97d8b80066a57650626c8ab9f4271f7f0b6ed362f079015c68cb1df342a2
    SHA512
    a0ae3449fb78733d2b1a211a291ce7061851fbfdc94045b156055462cafc68ab89bb20c61c8320352ee5ae608cab96f20959af6e6338b7258597ba72f8005d43

  • memory/456-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/456-1600-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB