Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 03:24

General

  • Target
    87cf19364e1beb4c56e55433685094f0_NeikiAnalytics.exe
  • Size
    227KB
  • MD5
    87cf19364e1beb4c56e55433685094f0
  • SHA1
    acc9075cd32ec40eaea75cb7541190553dd13976
  • SHA256
    46f36c8515b245e355c5220e1c9f3c5a76b3326157db78881ee745fd367c6aa9
  • SHA512
    ddaa0a8c2ed6b8a5f880c48b5b4567389d1dc49349528b1a4fe53e26b8117203dc38ec4a758c27f7736cc20d96a624592a86b0503ac3b699f7ee9ac062917c79
  • SSDEEP
    3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuYch93g+gfFpsJOfFpsJE:JiQSo1EZGtKgZGtK/CAIuZAIuH3Q

Score
9/10

Malware Config

Signatures

  • Renames multiple (3160) files with added filename extension

    This suggests ransomware activity: the sample is encrypting all of the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\87cf19364e1beb4c56e55433685094f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\87cf19364e1beb4c56e55433685094f0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 992

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
    Filesize
    227KB
    MD5
    870b5e1ad651468c9944ec08b631eca2
    SHA1
    8e13fbbd9f51bb1be6be7649ae4941a4be4349b5
    SHA256
    3f2b5e8a320a42ed51dfab57f7df477b238ebe45e1cfdc8c5deaf6222b6eaee4
    SHA512
    dbac980f040229917fb615cfd47c94b94d1dc1ab4461d3b331edf0343ac9f7cd0af1f985c1f158a5120014258beae0420fa4fb09447dd46e648bccc86b0372c0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    236KB
    MD5
    86b4c42083c42e49d7b253ccc64350af
    SHA1
    88b127f84c4c340a75710f7872e7f37d098975cb
    SHA256
    8e82e28bb7770c1eaf4d5c7b4aea9756ff105d416c52071cbb348ca273360c2b
    SHA512
    2122c9e9c87c24c3b5a0a668bc98e60acede1a4b9ee19b51d46ae4fcf4658b8435e8a2b08802d4372a353e2468bd4de89dbe5551a768c41458394314992c6552

  • memory/992-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/992-540-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB