Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 03:18

General

  • Target

    87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe

  • Size

    64KB

  • MD5

    87451851ac68c505cc4fefabeafaa6b0

  • SHA1

    f7400a152cd507107f3b088b7ad9bb81ce31f16f

  • SHA256

    00c01408eacf4a80e0aa430448d70c4fcca2d1a63a294af3ef313e20897a1f6c

  • SHA512

    196a948cd21957b12a1806541d89c13375f492c5d3a63129f9154af0af06529c36ee1ef300eadf9ce23d28676340f4113e94bec28a4e4a177fc9515d6e80f174

  • SSDEEP

    1536:/7ZQpApze+eO8888888888888888888888888888888888888888888888888887:9QWpze+eO8888888888888888888888G

Score
9/10

Malware Config

Signatures

  • Renames multiple (5186) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:3024

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

          Filesize

          64KB

          MD5

          3fd5c750e3dd178d9cfa774cbbd63e61

          SHA1

          e518cd7b574905935df2967264e9d4a061a2ed7a

          SHA256

          eaa039d077c878298ea2ea39587bef790d5a0f8529a68fe91bb15b3f6c790284

          SHA512

          736ac13739cdc72005fa7165fabd604f0537e1bcd023f44fb789934ec1caac736056203596de15a97846334110d1c05c06c08e4653d2d84adc36f443b4a22678

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          163KB

          MD5

          8958d026e654fff0bb5387b4a4ddc7e5

          SHA1

          7a61a43342db81a1e8e69e1c0b40b962ddda0f2e

          SHA256

          4f21112ed15c63ce583b18f82386368e0529463d4b04051c10728e6703bf322f

          SHA512

          ae54f8494cbb3e0ec868b844a9d7313da25ffa293d872d5921d5571ebe5a482b35b7cb4115d52bc573badce0c7cb227ce8799ab81b21345af6d56a3968cfb218

        • memory/3024-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/3024-1926-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB