General

  • Target

    e17a6316bcf1c62477662df383b5aff0_NeikiAnalytics.exe

  • Size

    154KB

  • Sample

    240608-pfzvfsbe7t

  • MD5

    e17a6316bcf1c62477662df383b5aff0

  • SHA1

    0cb667ab9a99080543f7eba938dd8be00edf2d19

  • SHA256

    38282196b0c496fc1e5c46ab22975e3df04e5efb3b12c72d542576e143bbad0c

  • SHA512

    229076c673256e4d248b1c1b175bd54e4f597a8e59811f0a21a54179c3828fbd382dd2623c536822f0547c9c9ad2f42fa0c9d504ba1862d87136c3e2be404a78

  • SSDEEP

    3072:6e7WpP9oVLQthbYY9oVLQthbUvOe7WpP9oVLQthbYY9oVLQthbUv5:RqAVqAh

Score
9/10

Targets

    • Renames multiple (1244) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
