Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 03:24

General

  • Target

    87cf19364e1beb4c56e55433685094f0_NeikiAnalytics.exe

  • Size

    227KB

  • MD5

    87cf19364e1beb4c56e55433685094f0

  • SHA1

    acc9075cd32ec40eaea75cb7541190553dd13976

  • SHA256

    46f36c8515b245e355c5220e1c9f3c5a76b3326157db78881ee745fd367c6aa9

  • SHA512

    ddaa0a8c2ed6b8a5f880c48b5b4567389d1dc49349528b1a4fe53e26b8117203dc38ec4a758c27f7736cc20d96a624592a86b0503ac3b699f7ee9ac062917c79

  • SSDEEP

    3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuYch93g+gfFpsJOfFpsJE:JiQSo1EZGtKgZGtK/CAIuZAIuH3Q

Score
9/10

Malware Config

Signatures

  • Renames multiple (4720) files with added filename extension

    This suggests ransomware activity that encrypts all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87cf19364e1beb4c56e55433685094f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\87cf19364e1beb4c56e55433685094f0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1400

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

          Filesize

          227KB

          MD5

          c755b51c8debfef28bf626803c390fe8

          SHA1

          dc27cde957e97847be73f6f9ce9babba40cad74d

          SHA256

          f71e58176eabf2130832cf9c4b923afe820d1c1981d20b20a0aefcfb3012a5f1

          SHA512

          a1fdef801bf496516133f675e1f42aa23451cf5fcca80189aa2d5852982b3279a9b45e7946bb0d8832b57718ae44ad69c45ead06d9b2a906a4689b996fdfd2be

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          326KB

          MD5

          0a5d52911e411abd308c46a9214e596b

          SHA1

          f877003ce09c8c9475499b843e5e3411289740dd

          SHA256

          ddbe278ee74e6c2751869f5df53fd86c7580b82eced7cafaf69da934d0f54a22

          SHA512

          158d495cbc79f2b7d72e8ec8e757253282723721f1640ad0e5f271e1be7a822fd974a29d01892dcd85b3520adea09d076b10a4c4f4410a37c0f9aee8b14f5a74

        • memory/1400-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1400-1670-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB