Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20240220-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    08/06/2024, 02:15

General

  • Target
    82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe
  • Size
    54KB
  • MD5
    82d931fba7d3010680d070e1cf0e7650
  • SHA1
    4759e0df57792c6c03294d9a5102eba498b41f44
  • SHA256
    e3a5bcf409210125ff08c08fccf665980b3c6a939a117805b03f6f7f3c465ec6
  • SHA512
    330fd83d50f28bf960ba65f85d9e3668c44d438e4e705f21a4b687f0e294d00693c73664745b98b7ec17ad9c4d69f8bc6288aedf4ff6a005a39ce3b0e936d152
  • SSDEEP
    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97nF:KQSohsUsxe+erZF

Score
9/10

Signatures

  • Renames multiple (3730) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2192

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
    Filesize
    54KB
    MD5
    47d9ef3a328ea137f72351125a6e6087
    SHA1
    db0e52095327f2bb504b1240faa4efdef6700bfe
    SHA256
    ea1a0eb3665b004a25dfdfa547352d4ff220aa3ba1c0eae4740423d29ae421f0
    SHA512
    0b631eb4193b5ab50e7daef469e8dbe002b88d44e937856bef6f67093f5aea714161dfe7018d09e4d039ad5485d3bb15c5a5c9e9703fdd33c08a5be1be7d31ea

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    63KB
    MD5
    cbd3e514b81ff60e4411f8b3f277cb51
    SHA1
    cfdafba6976bce711a1644044a350697472e31e1
    SHA256
    2971633a517c89a7d5bec770be32d222df8c3d14e5e34f0a2ce77d0bbff6af46
    SHA512
    02baff2c341d2ffcdc3b0c1f37da7b77eeb95b9c28b741f97c566d790c825506c26ca438d959d98638c4c3a6bfb0b7ee754e59880891f65bad8676287f7337ee

  • memory/2192-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize
    40KB

  • memory/2192-86-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize
    40KB