Analysis

  • max time kernel
    23s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 05:43

General

  • Target

    9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe

  • Size

    132KB

  • MD5

    9149b7dbb0aa39c40ac0aed171954020

  • SHA1

    dedbf080fcf8478202a0f68f868d5fd86922bdbf

  • SHA256

    67f11bd5eb19334f40c0f8f7c2cccdf09d57203c0ad9fc3034e6f894bb8b5936

  • SHA512

    c51e9a32c7187716a43993df4d81a68ab2116d1004495cf1d90c7cbfd28e591ccdf121dbb8663bbcf36e99728e7d5afba18b216d8c409019ccc4dd607d2eef88

  • SSDEEP

    1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOMrTm/UZXyNj1tyOTuw2llbh/MKHjNHkqwZ2g:6e7WpXYvnO6/Ulysw2llbOKHbLAt

Score
9/10

Malware Config

Signatures

  • Renames multiple (623) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 4016

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

    Filesize
    132KB

    MD5
    9741e40dbb64cdfebe6858576b2b637c

    SHA1
    88d5f87d4c9810957f4e0fc413eb9d6bd384928b

    SHA256
    c2f18575befd0a46e15f1e5ded5869304f1b212425c9d01af68f437118857232

    SHA512
    7c6c887b5d7c11ba9c758064290cfd694e06a4b14e08cf33898648b168d966fbdd6bb071da3e942702bea04a6fb772430a5380d97c85667009ea463b8e4fe318

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize
    231KB

    MD5
    11aa79183bcee9b194fdb646ec582631

    SHA1
    04bc36df339e5e79f5e5910afd22261bcedadd48

    SHA256
    5cd2bb81ce9efc368513f164a706cf446f88b3fe1414d54c4bc91bbfec45de69

    SHA512
    9066d758cc6b3906aa225acd9c5c6816559354c4dba86d9fca38f0c066c932212c27eab75cb9f34f6087bca96fffc6ce6b3846ff76fb12b1ed7fa39a2abe5c35