Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 03:52

General

  • Target

    89766a2b7fa79503419eeca699ba5740_NeikiAnalytics.exe

  • Size

    198KB

  • MD5

    89766a2b7fa79503419eeca699ba5740

  • SHA1

    da087144fbffd9084ceba7d80f2a523579179d01

  • SHA256

    0215f5b768f6cf46004bf051390d9cfcc4a8150102169b52ab97380c838e4f6a

  • SHA512

    3f36399bcb287fbc443e6702900a18154f9b15a46c5f15cb5028f8f3e33cfa3e2fe2fd56682b6d892a5782df2fb4ddfee0d33530b8f3a1a19fed03f6873fa4b6

  • SSDEEP

    1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCR:fnymCAIuZAIuYSMjoqtMHfhfagqYje

Score
9/10

Malware Config

Signatures

  • Renames multiple (3176) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89766a2b7fa79503419eeca699ba5740_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\89766a2b7fa79503419eeca699ba5740_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1728

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

          Filesize

          199KB

          MD5

          8ceeb2171c5df7f64af3358299b2907d

          SHA1

          30fb720b47c5d453ce73dd9b47add43ba17cfa80

          SHA256

          18509ffc17db3a5a91a922b6f58b99857400bb281e610141bea5f207424319b1

          SHA512

          b4c6eca4eb93f8ea4fa69caaee2875998f056c63cab6519d4ad57bb2722b5ed7f54d26e53313fcb36fe01c1b2189534dba196de41ef3afc7634248583802f3fe

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          208KB

          MD5

          468c44cf237e49b5cd8a41baec208f76

          SHA1

          a440e70324621254d4b310d4ce511f737e3a05b2

          SHA256

          87d65918ff23c9af2e0acd86fa931527c54c9877d310392dcfeaddaf0220ab8b

          SHA512

          7a873e977727e60915fc385bbd3e5f1473a0976cf5df33df2e0804976155323a02fd76c3404d2e59bab444e75c53b30368e2305e2d97f61f5f0accf9d9958e45

        • memory/1728-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1728-526-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB