Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 03:15

General

  • Target

    86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe

  • Size

    87KB

  • MD5

    86ee3b412ee037a8a76389a9d14ae110

  • SHA1

    9f14c2ec41c162188606c5bb100089834871fb5f

  • SHA256

    811179c24541b0ce13bf2c1e3fd13c361b318b6b35bdf24ff35a8722291f74ea

  • SHA512

    145588f12a09bb732e6cdb8f96c2ff8d1868724c629ceda113978d6770937f6424945431aff6d9f82e64cd5d37a40f623390241931e54faccdb9ffdb94883ce6

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8j:6DWpwE7oL2e+efZwZ08i8j

Score
9/10

Malware Config

Signatures

  • Renames multiple (3465) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3028

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

          Filesize

          88KB

          MD5

          fc515181e67fe329c974a9a1ddb8c527

          SHA1

          d6d11432f18d85949ef7512bc703774b3c8230b2

          SHA256

          17f2da506cf484671559cf095f45676cfa9d89f71b39733220a30d49217346be

          SHA512

          bbe2e798186bb1f36dc2d6daabc828caea8d2258047cab15b0f3e471aa492f77cf39f3bc0667921dd6ab8d5c9df4eb62f0fb0e4823f115afd815d1b9b9a5ec85

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          96KB

          MD5

          c9df29e5a52a379f5a5cb0390dabc993

          SHA1

          4bf64021f4856c5d8347b97225649cdba5986fa9

          SHA256

          35535b0a6a5ed326d25be6f6deb700ec40dc90bbc4030d7f20478222336a1ae9

          SHA512

          cc337848bdeff46b9ffbfc54204cfe4d73f15235310ef60f65083799ff2867ad65aeac82a40d22e316391a2938c9bc8e8b973341ec9c4e901e9dd682ae1268d6