General

  • Target

    ff7b0fd6d97039481f55913545ebcc70_NeikiAnalytics.exe

  • Size

    194KB

  • Sample

    240608-pkw95ace23

  • MD5

    ff7b0fd6d97039481f55913545ebcc70

  • SHA1

    950da5493346197508054cc439c5bb3114fb14d5

  • SHA256

    3ea66b01a60c6def90c752cc985c921ce84fb7d9f48a5a3cb5cc0ffc6d01e675

  • SHA512

    85dce3ac6177e2cc948891ed6c4ca18f22054c11f602f2fd99087e4f4307cb18562a1558f18083d3ff67c391206449b37676cdadfe8afd8ea1edfb6f79970403

  • SSDEEP

    3072:enaym3AIuZAIuyxJrQul/naym3AIuZAIuyxJrQuln:wHm3AIuZAIuyxJrhHm3AIuZAIuyxJrt

Score
9/10

Targets

    • Renames multiple (3670) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
