Analysis

  • max time kernel
    110s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 04:04

General

  • Target

    8a4d625be3d4b41c273cf291a09203a0_NeikiAnalytics.exe

  • Size

    80KB

  • MD5

    8a4d625be3d4b41c273cf291a09203a0

  • SHA1

    4e1c31f8558921210c48008e11206c9784120760

  • SHA256

    39ee7127322c5ad2a3fc5d8ec2ca7345ec3eee6b73625ba69dd3c354a1797a2f

  • SHA512

    e9523cd943a1d7b668a240d2260df3d57aee594f4fe4e779f24131025710e334a5587fbc0d5bb2911d92228fbd5191038101ec62a37047aa04ffbbada3429bca

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/86:6DWpwE7oL2e+efZwZ08i86

Score
9/10

Malware Config

Signatures

  • Renames multiple (2840) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a4d625be3d4b41c273cf291a09203a0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\8a4d625be3d4b41c273cf291a09203a0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2696

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

    Filesize
    80KB

    MD5
    d2543a1de2da3e36d52c0baa6f3ecdf5

    SHA1
    9867f7389563ddd67bb0da58c0167027d6b81247

    SHA256
    924aea881e91a8915c561653ad0e0a126a8d5309ed73fe70fcd4eabb49475284

    SHA512
    0678042f39a041863e6ba04da84813829c847e609b4a399d3e6ff5c382717e85ec701f93cadc3167d288f6721fff91650dcbb9aefaaae879d9db4f45f29e1d92

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    89KB

    MD5
    9465b34407dbd40dca5e2b1913a90f49

    SHA1
    6b3aed9301ba805910576654c19128df6b483977

    SHA256
    a105a59f1b1c8eef5a40bfdf0358f84e1963c344a30072f94ae32dbe08069b9f

    SHA512
    0f21cd3db4de5be754b2e795706b55be2f97198332925b3934d52ed4cc4ff59f08037e69599cf0ab943270546bafc2903c8cf09564af1582a06023c9166a03d4