Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 04:04

General

  • Target

    8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe

  • Size

    65KB

  • MD5

    8a4740a6cb2aabca6b39054ee3f457a0

  • SHA1

    9d2b3c3f0d9ab32a000c047db60a5e609591f503

  • SHA256

    c930fb795be1fb4f264ce24c7872a8a8afcb3b983f45f08ec7b59add0fb71d31

  • SHA512

    eceeaf0620b3868bb9779e85f298abdca6efff81d40dc4b6c39189cdee1709f9d4cdd75f28a48b203b57307ecab9aebc7d0f5403b1061fecd8932e57d604194f

  • SSDEEP

    1536:/7ZQpApze+eO888888888888888888888888888888888888888888888888888l:9QWpze+eO88888888888888888888884

Score
9/10

Malware Config

Signatures

  • Renames multiple (3494) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2256

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

          Filesize

          65KB

          MD5

          e94ec579c81ee79cc633cf796b6e61f5

          SHA1

          03b08516aa48147131f119d85fb889e7d47baf3b

          SHA256

          831cfb6ebb318defc1aaab941b5928e00d23eb34c51c079cefc4100bb274f13d

          SHA512

          c6e0bb7e224f113f344db140e254002f2f550b8f2db4516be101a3a91f35c2c8f51103829f13488d26f009c811c2deb0826c6485c902bef51a80e2c330e5aa0f

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          74KB

          MD5

          4b691ac84dd372fc1161cf89ef3b4a6c

          SHA1

          ba38a67501050a67fb4faa23d7042f3cc4b8f7ae

          SHA256

          0726e1f9e6b6c5ae3fd00ca0a2575b3918113c1e10ac2fa63c0feac0855e67c0

          SHA512

          7393a67d44ee73746a83af3ead3826a1b8826faa8f9a9399fa6cd51bdfb27ef9eb49b328703a3adbfb6b67ffd6519dc2055ea650da37229bdd02a33540fb8da0

        • memory/2256-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2256-557-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB