Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 02:21

General

  • Target

    8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe

  • Size

    48KB

  • MD5

    8368188a13878d819eecde96bec0b360

  • SHA1

    68214f35bc7a4d9140f46f90751f46f83d3d940d

  • SHA256

    e69807b0ed6836e36d5ec79ee3235db9c2a2cabbec9a6e48f6a771ea78162fea

  • SHA512

    38b911fc4bab944317d05663ede0d6107cea8c75ad6a0edb5fd294bad1414ad76863900928c9fb062b4044c3e892fc4a44a58d3cdf6294da272b1d316df54127

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAF94:CTWn1++PJHJXA/OsIZfzc3/Q8q

Score
9/10

Malware Config

Signatures

  • Renames multiple (3497) files with added filename extension

    Renaming thousands of files with an appended extension is consistent with ransomware encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
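The "UPX packed file" signature above is a static check that can be reproduced outside the sandbox. The following is an added example (not code from the report or the sandbox vendor): it walks the PE section table and looks for the two stock UPX indicators, the UPX0/UPX1 section names and the `UPX!` marker. The `build_minimal_pe` helper constructs a header-only PE image so the check runs offline; it is an assumption for demonstration and is not the sample analysed here.

```python
import struct


def build_minimal_pe(section_names, extra=b""):
    """Constructed header-only PE image (MZ stub, PE signature, COFF header,
    empty PE32 optional header, section table). Not executable; for testing only."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0  # sizeof(IMAGE_OPTIONAL_HEADER32)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * (size_of_optional - 2)  # PE32 magic
    table = b"".join(name.ljust(8, b"\x00")[:8] + b"\x00" * 32 for name in section_names)
    return dos_header + b"PE\x00\x00" + coff + optional + table + extra


def pe_section_names(data):
    """Walk the section table of a PE image and return the section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (size_of_optional,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + size_of_optional  # COFF header is 20 bytes after the 4-byte signature
    names = []
    for i in range(num_sections):
        off = table + i * 40  # sizeof(IMAGE_SECTION_HEADER)
        names.append(data[off:off + 8].rstrip(b"\x00").decode("latin-1"))
    return names


def upx_indicators(data):
    """Report the stock UPX indicators present in a PE image.

    Unmodified UPX names its sections UPX0/UPX1 (plus .rsrc) and writes a
    'UPX!' marker into the packed header. Modified UPX builds commonly rename
    the sections and patch the marker, so a negative result is not proof that
    the file is unpacked; entropy and import-table checks are the next step.
    """
    names = pe_section_names(data)
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    has_magic = b"UPX!" in data
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_magic": has_magic,
        "packed": bool(upx_sections) or has_magic,
    }


if __name__ == "__main__":
    packed = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"], extra=b"\x00UPX!\x00")
    plain = build_minimal_pe([b".text", b".rdata", b".data"])
    print(upx_indicators(packed))
    print(upx_indicators(plain))
```

To run it against a real file, pass `open(path, "rb").read()` to `upx_indicators`; a result with `packed` true but no `UPX!` marker is the "modified UPX" case the signature text refers to.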

Processes

  • C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:3008

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

          Filesize

          48KB

          MD5

          697b324cec7cf1b984a82956ba58a28c

          SHA1

          c15bf2917d93aac17d703ef1d5734bf395ec6aff

          SHA256

          ed8bfe12d3d5fea0452ba368887c181cce3bead60d0d1948081a10db4be2d9dd

          SHA512

          ced0767422cb8f7f25d06c8723f42cd6754c7c1b59d01c790ea65973fcc24b0709e6e6a1cf8f24f9c7282d1a80329e733601eea8ede21aa89dee0733d3e0db2b

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          57KB

          MD5

          c2e122474faf52d01904b286a1b55380

          SHA1

          d7a19a9a61f3829b3e76df85e41222427dcdf417

          SHA256

          693e8c4eeccd47b7045fce974eb9baf6a3a20e2614e367bbf123b69c5db741ee

          SHA512

          bb37dca36a04432666e79ba286fcde276e18fb00276f59a122463d2ecb6d664e89793d161bfdc87e272f1d63c2e92f9864f5d53d664ef02ce6261fa670da9c2d

        • memory/3008-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/3008-76-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB
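The dropped files above follow the pattern the "Renames multiple files with added filename extension" signature describes: the original name is kept and a further extension (`.tmp`) is appended, across unrelated directories. The following is an added example of that detection logic (not the sandbox's own rule): it groups rename events by process and appended extension and flags a process once the same extension has been appended to enough files in enough directories. The events in `SAMPLE_EVENTS` are constructed for the demonstration in a Sysmon/Procmon-like shape and are not the trace from this report; the thresholds are assumptions to tune per environment.

```python
import ntpath
from collections import defaultdict

# Constructed file-operation events (not from the report's trace); one dict per operation.
SAMPLE_EVENTS = [
    {"pid": 3008, "op": "rename", "src": r"C:\Users\Admin\Documents\budget.xlsx",
     "dst": r"C:\Users\Admin\Documents\budget.xlsx.tmp"},
    {"pid": 3008, "op": "rename", "src": r"C:\Users\Admin\Documents\notes.txt",
     "dst": r"C:\Users\Admin\Documents\notes.txt.tmp"},
    {"pid": 3008, "op": "rename", "src": r"C:\Program Files\Common Files\readme.rtf",
     "dst": r"C:\Program Files\Common Files\readme.rtf.tmp"},
    {"pid": 3008, "op": "rename", "src": r"C:\Program Files\Common Files\setup.log",
     "dst": r"C:\Program Files\Common Files\setup.log.tmp"},
    {"pid": 3008, "op": "rename", "src": r"C:\$Recycle.Bin\S-1-5-21-111-222-333-1000\desktop.ini",
     "dst": r"C:\$Recycle.Bin\S-1-5-21-111-222-333-1000\desktop.ini.tmp"},
    {"pid": 3008, "op": "rename", "src": r"C:\MSOCache\All Users\Office64WW.xml",
     "dst": r"C:\MSOCache\All Users\Office64WW.xml.tmp"},
    {"pid": 3008, "op": "create", "src": None, "dst": r"C:\Users\Admin\Desktop\README.txt"},
    # Benign noise: an editor keeping .bak copies in one folder, a user changing an extension.
    {"pid": 512, "op": "rename", "src": r"C:\Users\Admin\Documents\draft.docx",
     "dst": r"C:\Users\Admin\Documents\draft.docx.bak"},
    {"pid": 512, "op": "rename", "src": r"C:\Users\Admin\Documents\draft2.docx",
     "dst": r"C:\Users\Admin\Documents\draft2.docx.bak"},
    {"pid": 777, "op": "rename", "src": r"C:\Users\Admin\Desktop\report.txt",
     "dst": r"C:\Users\Admin\Desktop\report.md"},
]


def added_extension(src, dst):
    """Return the extension appended to src to form dst, or None when the rename
    is not of the 'same name plus one extra extension' form (e.g. .txt -> .md)."""
    if not src or not dst.lower().startswith(src.lower() + "."):
        return None
    ext = dst[len(src) + 1:]
    # Reject empty suffixes, path separators and implausibly long tails; dots are
    # allowed because some families append "<ext>.<victim-id>"-style suffixes.
    if not ext or len(ext) > 32 or "\\" in ext or "/" in ext:
        return None
    return ext.lower()


def detect_mass_rename(events, min_files=5, min_dirs=2):
    """Flag processes that append the same extension to at least min_files files
    spread over at least min_dirs distinct directories. Returns {pid: {ext: count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    dirs = defaultdict(lambda: defaultdict(set))
    for ev in events:
        if ev["op"] != "rename":
            continue
        ext = added_extension(ev["src"], ev["dst"])
        if ext is None:
            continue
        counts[ev["pid"]][ext] += 1
        dirs[ev["pid"]][ext].add(ntpath.dirname(ev["src"]).lower())
    hits = {}
    for pid, by_ext in counts.items():
        for ext, n in by_ext.items():
            if n >= min_files and len(dirs[pid][ext]) >= min_dirs:
                hits.setdefault(pid, {})[ext] = n
    return hits


if __name__ == "__main__":
    print(detect_mass_rename(SAMPLE_EVENTS))
```

The directory-spread condition is what separates this from an editor or backup tool writing `.bak` copies beside its own files; in the sandbox run above the 3497 renames spanned `$Recycle.Bin`, `MSOCache` and `Program Files`, which would trip the rule on the first handful of events.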