Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/06/2024, 02:38

General

  • Target

    847031b6f7f1732382db525034a204e0_NeikiAnalytics.exe

  • Size

    71KB

  • MD5

    847031b6f7f1732382db525034a204e0

  • SHA1

    d4e644c946fb197e9bcc7244c7c988cfce9d7a9f

  • SHA256

    2e94be53c921576a9922815e5d206b92554c1cd7af9b59b65b3ae081b53520f1

  • SHA512

    672d4926abef8097c1aff717c40630045819de012a091717856bf489b9e916c735eafcf41b89a909ca4e2cd4a02317c35a14c010bc398cdbba084b458c4c8f01

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhW:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsf

Score
9/10

Malware Config

Signatures

  • Renames multiple (5194) files with added filename extension

    This suggests ransomware activity: the sample appears to be encrypting files across the system and renaming them with an added extension.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\847031b6f7f1732382db525034a204e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\847031b6f7f1732382db525034a204e0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3168

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

    Filesize
    71KB

    MD5
    51ef2eaef08ec9fbf7da7851f27ef7cb

    SHA1
    1734cf9876625a5cfa374e22a4ac64cd5f0b25b7

    SHA256
    ca7324ebabb447c2e94c0a5fc501c17d4fcc00ddad109ce03b7f14cafd33c105

    SHA512
    cb608a3fec44cb945ff75333eafb9e00b5702ecb53fe0c052b4e19c5bf83ebe0d7b1011fad930518acaa9c844c6f879e4cfa44207de2bb9f16202160ce77a614

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize
    170KB

    MD5
    18b5ac681d9ba2536277518d4b286a6d

    SHA1
    1e9111e6d2b21c5271b92827b19bcb8230e87560

    SHA256
    c147d2cfef0a4184e03d5259ec6cc267d7e9a037712688d434850e0dafd0bc5a

    SHA512
    18aea2c6b10bf948116e5b7b3ebdfce7da042b63b80fe4c01049d88444457864c8191de70b51c7d6d71a82c5541aa713ec7e0f24d30e7c6f6dbd630fc8d37d89