Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 05:06

General

  • Target

    8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe

  • Size

    75KB

  • MD5

    8e82ae466946b37f894c3c3d6a547450

  • SHA1

    caa91caa99188e0b9e9b49e9a5a34aea4199cfb5

  • SHA256

    d657b3e66f162a7890765264fecbfdc4cd418f3952f385b9962b0d8effb52596

  • SHA512

    98073c792de32010f05b5179f6d6779acd8cf7de57f06dcbbbf80677e453ca8bb7e26e7499ff1ebecb253a5215a4e158dc471747337c9d1487b2b4593dd99d5c

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q85JiRJi60gU:+nyiQSoSgU

Score
9/10

Malware Config

Signatures

  • Renames multiple (5088) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2684

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

          Filesize

          76KB

          MD5

          6f26587cbf66e70dffc15e85ddc881d9

          SHA1

          3aa1fdcaf5406bfb48e4171789e533b22819daac

          SHA256

          96ddd76b516034e6c3d9c83e817214c876227fe8cc47c0b8327f86a077413686

          SHA512

          d64678de73e5a17aede7ee0a20738f231d8c9284214e722cab793bb3d66140d923168957928633e78673732ee03b3d2d802d0f87be1a0ae4befadd4b7180bec4

        • C:\Program Files\7-Zip\7-zip.dll.exe

          Filesize

          174KB

          MD5

          88070f88516ae98845a53666e2371550

          SHA1

          01bd98b77ea1231258859a6dbfa2214471e05675

          SHA256

          f33aa99a0e9cc16b42153af1a4bcf21f6ff97e3df9cebd1d69a9f70fc64a77fb

          SHA512

          96e4696f2b15fcb1bb59b7251b62d7fcf80cf1019af512ebb9b1dcdeace617b5c3271194803724ea301529c0a6708c789a1f03868a531f08e3b70838c963b7c1

        • memory/2684-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2684-1896-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB