Analysis

  • max time kernel: 150s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 08/06/2024, 02:26

General

  • Target: 83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe
  • Size: 364KB
  • MD5: 83b4b38ab22285db9c1803f54ef639b0
  • SHA1: 186eaf9e015ed93f4028cf740167958a1070fb67
  • SHA256: 74cb67e969c5abf429bca2093376f64a15d4ce2c6ba8431ccce8bf8b05665cb0
  • SHA512: 2f6cd1b7c7049b9c21427412765b5244f04698c4dce8d1e101552923b688d0efd446a5ac036a5cf2f160eb8441aae7c5cd2f04699fc0e2061b14a0cb024fc08b
  • SSDEEP: 6144:hfAIuZAIuDMVtM/cdo4Mxdz68XUrdrWnGsTAvfwJY8Gp9WQuZUw0HfX+B5ywHeGn:ZAIuZAIuOVdo4Mxdz68XUdWnGsTefBAJ

Score
9/10

Malware Config

Signatures

  • Renames multiple (4347) files with added filename extension

    This suggests ransomware activity, i.e. encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe"
    PID: 1620
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
    Filesize: 365KB
    MD5: 7fd4e3a2dda0bcbd5ecb36653568d1a3
    SHA1: eaccc7d9aede42dbe1b5111191e0113f9c0d7ded
    SHA256: fad86e2521e57ec5a712010e9b6cb14e321df040d4225ebe90105d507232bbb7
    SHA512: a9ad9b39c1f00699679ce651d90e59dae25e9b0ff2f9eb32aefbc23b0f4f493d08e101f012e69fb35f0cc5883a706ea8b40a8ed3761731c8da35c9da7b3e7328

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 463KB
    MD5: 527128fc263deada975c650c2299518e
    SHA1: 0f64d631f18fbe0a56c410936cb8f04c43a2493f
    SHA256: b995237589a776ab6a4144a4d3eecd11838242df1c3ac96eae627f76892db285
    SHA512: b986d65a3a18c947130d47b94a8c14371981ee4a5cf80b910101a7450567f1152cafc1631531a85a08282b93373aaf7d0ba6120fb289fbac20b52bf1922a378e

  • memory/1620-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1620-770-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB