Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/06/2024, 07:55

General

  • Target

    16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe

  • Size

    96KB

  • MD5

    16c8caba1985b2bfdd22fc8ae14ea2b0

  • SHA1

    ba99c9a986f99e8d66cbe0f3fc5463cac808b1d2

  • SHA256

    1324eaec9d3f07ddda02b115ebdb897b346300aeebb9fa4d958bdca809cf4280

  • SHA512

    a10e4e4db0ff7494bb2570a680312c03324a2b5efafebadf2669788e252440874f611bc327eeedb7a606156a7d7adcf80fbb1fc8d1b47d061810cbe54bef910c

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuyxX5rQulB:enaym3AIuZAIuyxJrQulB

Score
9/10

Malware Config

Signatures

  • Renames multiple (1638) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4764
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2516


    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

      Filesize

      96KB

      MD5

      fa95e93699bcfbb7ad6ce9d0de89c432

      SHA1

      64f573da0105a1c2fc387a854effb33510f8658d

      SHA256

      6db30fccd36d3ec177cd21bdbd63498b0b9be58ec2b8c6848571cc6b69368067

      SHA512

      2659b7806c760eb794ecb71be2d721ca4fccb29c6d1f5d46001b8816a4ff3125bc4963e0ef02fa5b8e4e38f83b22cd311aeac52e7202f2a23aafa3b1a8e36598

    • C:\libsmartscreen.dll.tmp

      Filesize

      96KB

      MD5

      c8949b5551b1d0eb8bd0f2b7f9dc440f

      SHA1

      2ab284336a81fa39639c82a25b9f9f197b46bd66

      SHA256

      8a196efba1a4142d7b7c56e662c6e197a5f10dfe9779841994927137b69e11db

      SHA512

      c92c2fdb291133dc44b6721922ac177876818b73d1c86c14865a4d3ad1b5b988ea06a0fb8d029bf74b7f9de77893cfd2131275d75e67b65da01f9530a4676842

    • memory/4764-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/4764-640-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB