Analysis

  • max time kernel
    120s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 06:03

General

  • Target

    925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe

  • Size

    31KB

  • MD5

    925e216dec0c7ead3af0f81435b94560

  • SHA1

    5a954c5ba5f47bbce51d6a5fc71aef9021afbd2f

  • SHA256

    411cacb2cec5c2e400c6d2e3713309189aeda595dea29c14b2de3f89cba7603e

  • SHA512

    113116262d622f62cb787a1d5feef645c1317abd87542c0db04f478e0e57d584aeea5960c322bb331125a8de638a3e10f996a2d14245eb3dcebf913f9b87df20

  • SSDEEP

    192:tACUADIY0Br5xjL/FAgAQmP1oynLb22vuN6GnN6GubqhybqhM:GBt7Br5xjL9AgA71FbhvuNBNcbxbl

Score
9/10

Malware Config

Signatures

  • Renames multiple (4698) files with added filename extension

    This suggests ransomware activity: mass encryption of the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2740

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize
    31KB

    MD5
    906da2db82fecb6ae631d6cc4e5019fc

    SHA1
    94cc7921fcea1bb1248277b4541af2d96f6a2e5c

    SHA256
    0c0b50e5faae18ed616cfe06e3599c596ddc37abf0f07281c318d26f186bef2e

    SHA512
    305cfbeba9f32d41bd0444cae8d1f7e93bc4a7551fba7ce1897d4400a4360b30a2560838fba50109430f4a7dfe0a90e4518486a114672b059eea195ec56b951a

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize
    130KB

    MD5
    dac001a35b4701197e110e9429d692aa

    SHA1
    8f753823f7fec7055cf0900917b9a3a5af95d96b

    SHA256
    b9e41e91b433b4d486b37b58167250d1b8d111482c023e6e5b1d1e0cb3a7fb3f

    SHA512
    996fd88e4ebf6e0efee156e4b6b0d9a2d1ec3c7d36d0a4dfcd2989361e4b09eaad1cf6da66fc2299bdc515f6fafa937967344d73c93ef294e5f9846786f84b8d