Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 04:49

General

  • Target

    8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe

  • Size

    45KB

  • MD5

    8d214a7b06ee01e32323bd076aa72cb0

  • SHA1

    70294a00386af3a6d10f341ba91117b2e4c91945

  • SHA256

    65014a87a5afd29fc8e2a175dfb9dda9375ecbb7eee6eb55e32b20518f55127b

  • SHA512

    6e78c01c923422a3642446786af8ef465a83ba7c02293f967f3fc13e00e78af4cf87448f1ec5f08e6fbade6f267abc9b71a3900ab1455916fcba48291e40dbfc

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKriCZbQmJKUCZbQmJKV:W7BlpppARFbhWJoQmJKbQmJKV

Score
9/10

Malware Config

Signatures

  • Renames multiple (1725) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2828
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3536 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1876

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

            Filesize

            45KB

            MD5

            bbba0f9ba7202165af01830ad7158323

            SHA1

            66bfb1e8b2c7e9df8b7babe889718d89bcad8742

            SHA256

            c6b99f88200b77fe91f5028e81b3faddfcc112ba45b0f532f5424e3bacd7c75c

            SHA512

            2ad437ddd0912ffc8e2f53af0a034e4129d5d53972484d9529c1f39234055f3efae137b9964622609c99832d3816bafa95194106275ddf79f1d963d4ddef9009

          • C:\libsmartscreen.dll.tmp

            Filesize

            45KB

            MD5

            8e65e6fc09ee3e4c9f60afc76ddc0be4

            SHA1

            dbb963fdb47b7806d36057521255d10f6ed4e45a

            SHA256

            0c11bf3ece6556643691816c3aa8d03890efe18f92910ecb34eba37ddc2a2d48

            SHA512

            c74614b285466df4401bc6566403de0fe1f0d13178d0d26b8360a1541628ad44513ea09e8e70f5424178989e83b65e3dfc5f94a76ee6b65b0ad8bb534810361e