Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 01:58

General

  • Target

    81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    81d12dbb020cf5d963cf2239ab75b020

  • SHA1

    09e9abb6e16853105056724d368c6f9abcb19420

  • SHA256

    42395c23f65936da324e0a404ec859cf59f41d7595c35bc7fc7c91c33a156ec3

  • SHA512

    a65506b222f0f38e4c3d80719d929acd2619288093ca4eecf56da430a51c96b9b4a18c354676a26ec476459f27bcbfe30a42a2dd6a51e26e434971bfd03e743e

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJi:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfF3

Score
9/10

Malware Config

Signatures

  • Renames multiple (3794) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory

Processes

  • C:\Users\Admin\AppData\Local\Temp\81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 1924

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

          Filesize

          74KB

          MD5

          a98011b27b67963f25b34b4051859fce

          SHA1

          ffe045ce40aa5ff50a40cfc1f72d01aaa75e5a46

          SHA256

          6460d911f6fb929fda0d7fd1b70294bd2278533ab89ccb27c0209d9b92ca6896

          SHA512

          ae753bee9d45366966238025281996bfa15698723c45607d4b54e3f8f77b32e46c19b8f224f02e149f8e563802091a94000c0b9a6e643f11aa14eef4fce88def

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          83KB

          MD5

          78531e5297847a069346ed63dd7a3891

          SHA1

          8d7dcb2c25c9bf48fb802c391e50dc848068dfb5

          SHA256

          e8729f71f76f62de2b7415f0789a08b920fca217992b23c8d78ef570ffaed54e

          SHA512

          88c9b1fb72295cc699fcfe116a019e4a20fbdffca6f78eb30cc98a6d2cb229ab15a5dbe058e3fbf445b17cc81c51c4768b1fca4085c0f05ce1e72a0dbe7da3de