Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 02:33

General

  • Target

    843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    843480470fed5b86d265b2d870e7f1c0

  • SHA1

    7bd5c5f4b4596b0977baa6cf5650fb5484675c4b

  • SHA256

    88b798c89aa7465de3a0ed03b2a12a56acb415dbe56f535cb16a16d2e4aa680c

  • SHA512

    84e05d47ae6955e59caee32b3caa121000041ab0d2c5f7f11f3b7258d1b24f0e9055678ae32c340302c716b23315e2548e83209ccde6abbba00522e28c7a95f7

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEht:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsE

Score
9/10

Malware Config

Signatures

  • Renames multiple (1024) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2724

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

    Filesize
    73KB

    MD5
    70cd9689e9702bc7a285fedc160b64f2

    SHA1
    a0cf1f63a62bc314d2890a5166052ddbb1d3fa60

    SHA256
    77128f906d1dc7d4a5ceb4559ae421fbb93ac7b2050dfcf471672dff28074bc9

    SHA512
    c543f6a1299ab0e6d81a2a84aeb9c0db3cfacd0f03c4b48068111633e13df66d1d90fd0f0d6e6c6a3e296043f92afdebdeedfd383e1efe5f5d4284f86228004b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    82KB

    MD5
    25a97bf5a0db18c81ed21dd9c684108b

    SHA1
    32878ed13d692965280c389f24f3da8cbea9c0e9

    SHA256
    b219ab214f0fac113a22f6004680d94a8fe67539725ac859e529cdd3f9bb63ab

    SHA512
    6ad629568875543296f4ec0a9f7fd3be8027a5c572c2aacc619cf333c40ae56a15ee6d98a6e6a890845e0e3f4e0fe075bf9ac88515c66478fa5523e08ffed964