Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    08/06/2024, 03:18

General

  • Target

    87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe

  • Size

    64KB

  • MD5

    87451851ac68c505cc4fefabeafaa6b0

  • SHA1

    f7400a152cd507107f3b088b7ad9bb81ce31f16f

  • SHA256

    00c01408eacf4a80e0aa430448d70c4fcca2d1a63a294af3ef313e20897a1f6c

  • SHA512

    196a948cd21957b12a1806541d89c13375f492c5d3a63129f9154af0af06529c36ee1ef300eadf9ce23d28676340f4113e94bec28a4e4a177fc9515d6e80f174

  • SSDEEP

    1536:/7ZQpApze+eO8888888888888888888888888888888888888888888888888887:9QWpze+eO8888888888888888888888G

Score
9/10

Malware Config

Signatures

  • Renames multiple (3515) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2244

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

          Filesize

          64KB

          MD5

          dee0da2a9522002a1156b41dba59fc0f

          SHA1

          061112fc2a5bb58089e40963cbef4ac007df1760

          SHA256

          c4b1f60594210003c2a12aa710586b62bd61d0ebe7b053bb6b8f90493ab3ca7b

          SHA512

          c0ec1a9df74c8355f04379f70cd597d385ca66343b5f9334a388ef4cddfc4f0aa1b21da78af3516659c60f7c68a081298f059b83f3ef137555baaaccd678cacc

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          73KB

          MD5

          7ab111a0482313d3e085ed8b1125a3e6

          SHA1

          81d144283692f8df34106ab4aa38c58bb9fe524b

          SHA256

          8bc834cfa7705f69dd0f07c099d1f36638180924dfa4f526512e852c204be97e

          SHA512

          df784db95a9f30b2e898e4a137172c32f117b0fe523e2a8ebe43ba38394e08c93887e2f732167baa366672659ba017105c347dbb38aa5814f06741121f65d0f9

        • memory/2244-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2244-644-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB