Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 05:06

General

  • Target

    8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe

  • Size

    75KB

  • MD5

    8e82ae466946b37f894c3c3d6a547450

  • SHA1

    caa91caa99188e0b9e9b49e9a5a34aea4199cfb5

  • SHA256

    d657b3e66f162a7890765264fecbfdc4cd418f3952f385b9962b0d8effb52596

  • SHA512

    98073c792de32010f05b5179f6d6779acd8cf7de57f06dcbbbf80677e453ca8bb7e26e7499ff1ebecb253a5215a4e158dc471747337c9d1487b2b4593dd99d5c

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q85JiRJi60gU:+nyiQSoSgU

Score
9/10

Malware Config

Signatures

  • Renames multiple (3686) files with added filename extension

    This suggests ransomware activity: the files on the system are being encrypted and renamed.

  • UPX packed file (4 IoCs)

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2416

Network


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

          Filesize

          76KB

          MD5

          334e43a7f1dc1411bee2dd7c9bae0539

          SHA1

          6cefb759dbd5e817d10a24fd8a471f5220eefb99

          SHA256

          95b9179c44a28882df46483c89b151c9e6ddd53ad179513014335cb8dce4be17

          SHA512

          d0647654e82a41eae852610dd57a9b7d9dfab4d2494057bdc9bf86af5dfcb146e94c89fd1c2195434733e9ef40a30660adaccc69b65bfb6b6ab441e1adfaa5a6

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          85KB

          MD5

          2784e6d54c90700f0a13d16428f9097d

          SHA1

          a1ecd8870c0ee2e2c55405defa02ff4faf23f3af

          SHA256

          8019b1939da3a30e5e5e32aee80778beaad392c98205b56acb76062a218558aa

          SHA512

          0306e7df196081ef3a7c2f9d1b39dae2cf830413417bcc81d64d39351dca1fb401afc872d9edd307cc569bd79e19ad788be1de109465cd9685357fdcb3bd9936

        • memory/2416-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2416-658-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB