Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 02:26

General

  • Target

    83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe

  • Size

    364KB

  • MD5

    83b4b38ab22285db9c1803f54ef639b0

  • SHA1

    186eaf9e015ed93f4028cf740167958a1070fb67

  • SHA256

    74cb67e969c5abf429bca2093376f64a15d4ce2c6ba8431ccce8bf8b05665cb0

  • SHA512

    2f6cd1b7c7049b9c21427412765b5244f04698c4dce8d1e101552923b688d0efd446a5ac036a5cf2f160eb8441aae7c5cd2f04699fc0e2061b14a0cb024fc08b

  • SSDEEP

    6144:hfAIuZAIuDMVtM/cdo4Mxdz68XUrdrWnGsTAvfwJY8Gp9WQuZUw0HfX+B5ywHeGn:ZAIuZAIuOVdo4Mxdz68XUdWnGsTefBAJ

Score
9/10

Malware Config

Signatures

  • Renames multiple (2708) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1284

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

          Filesize

          365KB

          MD5

          932e0073d03a208eb84f626040fdcfff

          SHA1

          55d701873cca2f4bc6b276aa181b59e3f1186361

          SHA256

          bea7f1b3cfb43e0e12e0f9a5e14b3db8861d024c4196e98674cda7f1a0f127ad

          SHA512

          4e5feb230750a8063115f5beed67e0ffb9270bb0b2410cc6c0a5d6f66c7d1ad13560aec669909624cfd1ea2e7aca6b9c870fd99317870b3c18d4917cad5ada42

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          373KB

          MD5

          54d4d7abbdd550f8f4311f1643c4a6f5

          SHA1

          ed97f768893000f20eb0248db09911687627aef6

          SHA256

          504c64dbbb9417733424f7c9ac4829ed247c4a36b730968cbe87f850ff79d74e

          SHA512

          a40327e8efd2727a0299348a281e9831a30bfecce486d6079f286a1ce86d3d951be9cb4c77baaa5fa5f8e08919ffacbdc1944f123f4e6ad7eff9e1d0a9dbf1f5

        • memory/1284-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/1284-74-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB