Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 04:35

General

  • Target

    8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe

  • Size

    392KB

  • MD5

    8c1c1d9d3a817c31e8a5031c95559570

  • SHA1

    56361652d1f766409093d8e855d81abba459930f

  • SHA256

    23796cca6b7de3a1aa28ffd438b46eec3f1857d9e0a09b56eb30c5355ee279bb

  • SHA512

    983c3814d48e4ae922b5e9d4d03ea3871dd71d2aff784db825c9f93dccebfa5d17f39141bbbbfa13085799964b0519e0a3f21e7e2a289369802a0f80d1ee4ea5

  • SSDEEP

    12288:IAIuZAIuOVdo4Mxdz68XUdWnGsTefBAZUNHPK5ywHeG5QuKfeoy7UNCfwnmos:NVdo4Mxdz68k3IESs+

Score
9/10

Malware Config

Signatures

  • Renames multiple (2651) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2244

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

          Filesize

          392KB

          MD5

          367cf4b584e817e1a0d284cce33eef4b

          SHA1

          c811ff91e89b859d4ebae4de5442a7de27bd9f30

          SHA256

          98d349d86c419fd3b1275e94935b895bcac32ef78327d6e670a93953c80e50d6

          SHA512

          7a4fd74dc84c6f37bf45799ce81184c46f4e1fb5abc13f4e4d70bb8ae0ee020aa05c6c0814bc56e64729bf6f7a8a21107eee4e5f8763c49c8e05a29e9e01faec

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          401KB

          MD5

          bae0c6e8fafd56e26faf25af36b9fe91

          SHA1

          630c2f3529bfac9f7b12db886819b37dc5c42806

          SHA256

          3e0f4a46e1902a569e25d84fbb876c5336f380508e66ec50326de2f9df614f6e

          SHA512

          80cff411f7ed479917f15c4bdbdd69914507c2b466e7fb086f3a1ffeca1a97b4d08930623e1a83e65ba4774319974f8332ddbabfaad4b263ce666509fc499109

        • memory/2244-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2244-430-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB