Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/06/2024, 04:35

General

  • Target

    8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe

  • Size

    392KB

  • MD5

    8c1c1d9d3a817c31e8a5031c95559570

  • SHA1

    56361652d1f766409093d8e855d81abba459930f

  • SHA256

    23796cca6b7de3a1aa28ffd438b46eec3f1857d9e0a09b56eb30c5355ee279bb

  • SHA512

    983c3814d48e4ae922b5e9d4d03ea3871dd71d2aff784db825c9f93dccebfa5d17f39141bbbbfa13085799964b0519e0a3f21e7e2a289369802a0f80d1ee4ea5

  • SSDEEP

    12288:IAIuZAIuOVdo4Mxdz68XUdWnGsTefBAZUNHPK5ywHeG5QuKfeoy7UNCfwnmos:NVdo4Mxdz68k3IESs+

Score
9/10

Malware Config

Signatures

  • Renames multiple (4203) files with added filename extension

    This suggests ransomware activity that encrypts all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1492

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

          Filesize

          392KB

          MD5

          4de0db58f32152f1c392c9ffab7a0310

          SHA1

          9079e365886b4cba7b1442e14d8a422da18db3f7

          SHA256

          0386b11a840bbed5ab684122bc76b62e20cd77046ffc2e8d0c2f1558bdd239ca

          SHA512

          e79df24e35fe10ba14f6e8e9b71b1fd07a708a8463cd4965b5f38e506f21dcc4b16fa9a3cca0e0125510967d7827f141ab5349a54dc466eca27718dfa0a451ab

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          491KB

          MD5

          9ed5f8703b6c41007e92455f307af5ab

          SHA1

          8f4202103dc0d6b45880b195e32e1a5a66d64971

          SHA256

          722df8de318fde6baa9b566aea02e982e9439dd63e1f878dbd51b9fe8b7efc50

          SHA512

          5dfb66729a9b523ff4f797912053439ba1c326593d549792af1ca66bc7b67168fa21a015ec1dd1794f6a16f311d155cd5330893ee23c2357c3938dacebc7e8be

        • memory/1492-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1492-1410-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB