Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 02:38

General

  • Target

    847031b6f7f1732382db525034a204e0_NeikiAnalytics.exe

  • Size

    71KB

  • MD5

    847031b6f7f1732382db525034a204e0

  • SHA1

    d4e644c946fb197e9bcc7244c7c988cfce9d7a9f

  • SHA256

    2e94be53c921576a9922815e5d206b92554c1cd7af9b59b65b3ae081b53520f1

  • SHA512

    672d4926abef8097c1aff717c40630045819de012a091717856bf489b9e916c735eafcf41b89a909ca4e2cd4a02317c35a14c010bc398cdbba084b458c4c8f01

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhW:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsf

Score
9/10

Malware Config

Signatures

  • Renames multiple (3536) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\847031b6f7f1732382db525034a204e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\847031b6f7f1732382db525034a204e0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1284

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

          Filesize

          71KB

          MD5

          ce644bc74d8f2e4b793bedd9758a67e0

          SHA1

          1cb85a725ec6d19e666918b8e5b79853f8eaf6bd

          SHA256

          e7d012bd5b2e40499e7e91100a3860535aeae06dac69c26131ca58ff07ab1002

          SHA512

          33a86fd629854b6cbb3b266293b58e180a808aae06665ac1479df908c40c542d5bffb524914d6742825962d2b5a678ef271d51b246f4958ac27b637585a2de72

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          80KB

          MD5

          b393e87400b9691b637afadd2ec7861b

          SHA1

          fe94875004b620e95d8991ae3866f18081aa2911

          SHA256

          163d36e2fea19ab47d6f2f58293252dedf2137f425c03b82a639941e7c582d55

          SHA512

          e006842b31775d3aeb860b5984b5ca51921712c1afd2502f11778b3c1504d16aadc8bddec11335cbe647609a5976b984885a9f4385821ae7aa5f39c5691e3b06