Analysis

  • max time kernel
    110s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/06/2024, 07:33

General

  • Target

    162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe

  • Size

    56KB

  • MD5

    162bf23874d959e41612f1bcf0b1e5a0

  • SHA1

    fc7ffbacfb67ebad7118dbd8047a93c03bbb80aa

  • SHA256

    7043fd6d8cf2a251bca7483ff9fbab41877f424b52e6ccebbc504ad8b998c744

  • SHA512

    7ce1b13d4f48f520416b1c47ce21d1d6144fcbb55b933df595fbad54b53e9d08dc787fe322025110387591b68fc8009e4740a6913010ea24886bbfd4c05d0695

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLKU:KQSohsUsUKU

Score
9/10

Malware Config

Signatures

  • Renames multiple (4468) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3568

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    65e3720f6985cb0aeed4fc5490ad6275

    SHA1

    1f1000425346ad268fee6922e994fc600ee1c504

    SHA256

    bc22a2196fcdbaadd0bc64984875b1fae5bcd47abecb7236b259a8737f3c4a6d

    SHA512

    1f55c8deefb0f75d38a29f8fb345ba6839489002ec2ee6f4d6a82cade622a337a7ccb3cc3db888499104b663d5668be6b60771353ebea8e00ef28e9dc3d73a27

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    155KB

    MD5

    090b1629d75daddb8b4e582f4c13c682

    SHA1

    12c1fbeae4838aaa805eae255edfe427a11dda13

    SHA256

    6a920a398500c9ab32428bbda828af8c2e3ef849e7348d67cad5d64e9da8d9c0

    SHA512

    a8d74c09ca0973d592430d9b28513b4ee310b362aebcfd38673624e1928bfe1245b2639dcdcdd046424a2d53a2871397669f55e56bb8e56a472879e611c88f76

  • memory/3568-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3568-1220-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB