Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 04:04

General

  • Target

    8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe

  • Size

    65KB

  • MD5

    8a4740a6cb2aabca6b39054ee3f457a0

  • SHA1

    9d2b3c3f0d9ab32a000c047db60a5e609591f503

  • SHA256

    c930fb795be1fb4f264ce24c7872a8a8afcb3b983f45f08ec7b59add0fb71d31

  • SHA512

    eceeaf0620b3868bb9779e85f298abdca6efff81d40dc4b6c39189cdee1709f9d4cdd75f28a48b203b57307ecab9aebc7d0f5403b1061fecd8932e57d604194f

  • SSDEEP

    1536:/7ZQpApze+eO888888888888888888888888888888888888888888888888888l:9QWpze+eO88888888888888888888884

Score
9/10

Signatures

  • Renames multiple (1760) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe (PID: 4888)
    Command line: "C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2260)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

          Downloads

          • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

            Filesize

            65KB

            MD5

            e28bd89c8c28394f798969a16336c419

            SHA1

            51cc6f1aa879d37c54cb08e775772733857d7f76

            SHA256

            e1d6b4b62a42e855bd78860ab4bf52f671e8aecda054e69b211c5c0fe484c06b

            SHA512

            ec5c3db555a21577966a56767090b46f5573f2753c3dbb4a34e259e24e8b5f8fab7eb3440a3f944a05ad19c5e3eead33cc0568afe9908dfbca5018c0d263e966

          • C:\libsmartscreen.dll.tmp

            Filesize

            65KB

            MD5

            8a90595146ec359eeb7211fd3664751f

            SHA1

            1c615d79e1f52ba2cadb0bf8dad7a7fdc2647fd5

            SHA256

            73bc97535c806674a3a84de71e2909a5ec285ba9faa6fecf2e134e0eeb26cd89

            SHA512

            15f1ebbb2a65ea5ff7f994730ea2d737f4e3118242e030ca4a53ee9d9f3c10d9e8e6eaf8073d384b6884045319720fea6af13deb143fb92ae693980980a81273

          • memory/4888-0-0x0000000000400000-0x0000000000408000-memory.dmp

            Filesize

            32KB

          • memory/4888-422-0x0000000000400000-0x0000000000408000-memory.dmp

            Filesize

            32KB