Analysis

  • max time kernel
    30s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 05:43

General

  • Target

    9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe

  • Size

    132KB

  • MD5

    9149b7dbb0aa39c40ac0aed171954020

  • SHA1

    dedbf080fcf8478202a0f68f868d5fd86922bdbf

  • SHA256

    67f11bd5eb19334f40c0f8f7c2cccdf09d57203c0ad9fc3034e6f894bb8b5936

  • SHA512

    c51e9a32c7187716a43993df4d81a68ab2116d1004495cf1d90c7cbfd28e591ccdf121dbb8663bbcf36e99728e7d5afba18b216d8c409019ccc4dd607d2eef88

  • SSDEEP

    1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOMrTm/UZXyNj1tyOTuw2llbh/MKHjNHkqwZ2g:6e7WpXYvnO6/Ulysw2llbOKHbLAt

Score
9/10

Malware Config

Signatures

  • Renames multiple (196) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 3064

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
    Filesize: 132KB
    MD5: fd437fffcf6933c1945a7370ce9f7f9e
    SHA1: 4f104abaee19dd56efb7275edc929aea5091ec13
    SHA256: 8d408bce67901d69cd0be78d4db84b06bae1b3d434a12904f3cea44a86587539
    SHA512: ff107679b8795fdfe2eebe88b25106b44a9e22b8d2f7fd213b2430049e55298f43e4692ce6f4023e598d0f31fd7ae05fa99d1e0c26c461020060ba3ddf3ef30c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 141KB
    MD5: 447a7c937aad87d2064e97ebd2e9bfdc
    SHA1: 58d57aa5432b72218ecca9586b4f755f5c01a535
    SHA256: fee33d11520a00056d47a57022237763749c1bf08fe9e30d6dc57c469441af17
    SHA512: 2241beee60cd8d4cd79ffbf894c41f972e2ea609afd575822c9bbdb8fd27f636e765522a8365a09489bdf6ecc9b7a89ea5e71709f00f85373105e68b72d235a6