Analysis

  • max time kernel
    72s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 03:55

General

  • Target

    89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe

  • Size

    54KB

  • MD5

    89b4185b9a1ec003bb3b95a4dc3fd760

  • SHA1

    36b0a7c1708e5b80906b9888cd57a58d0ea422d5

  • SHA256

    254d7796c618f88547f8ab7664dfbcf2f489e732a996921509866459d8a620bc

  • SHA512

    a321974a734cee10b3e600420109e9e92beccda8dd5087382065bec17f1b9485255193319f7ed5faa6365e3bf361356039ebd2190273f9015e13bb9385dd105f

  • SSDEEP

    768:W7BlpNLpARFbhblkYlkuvIYFUJcJzEXBwzEXBwv:W7ZNLpApCZuvIY+JcJv

Score
9/10

Malware Config

Signatures

  • Renames multiple (1622) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each renamed file.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1924

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

          Filesize

          54KB

          MD5

          1bffeb442413f8c6053ea649a339b95d

          SHA1

          1fc160ef409856fe0e82227d41f262bdc27fd1ba

          SHA256

          68df6f3c46a65da6615c0ba0fa106ff5708680897301c329c6b89b4f065cb437

          SHA512

          b50ff7ac908ac09c647767ce069e4c3cbb3a8b168cb9222d35e8035e804363b78956f72a6305cdbd6b6dc68e5c0c314f108b9bc70364c6228870a43489e08fe6

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          63KB

          MD5

          470b32bed2ab8f73ecd69b77be676014

          SHA1

          4127f367e1d1ce92ac1dc24373c5ac94f15e90ef

          SHA256

          da38aaaf8e6487df92ec9efbc6e0d90e04b86498b16fb7bc98f6a8e5ccb9177d

          SHA512

          d5ab3e1e512d776ae275afda78538d905ea1b5da96b314a6d3031e8d1c46d589d056deac4a9da853290e1bcbe404fb09cbcecb9c332b11a61c01f7dcfbf51476