Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:05

General

  • Target

    1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe

  • Size

    42KB

  • MD5

    1e92ca64438e03f9759ca3485af4b3b0

  • SHA1

    7b856c885b0c6f38700dec8d67a9a9adc211d2ce

  • SHA256

    396e40f8c606daa31d2c18880f26c8e2d9b6232941f9fc2f5690929a7350f868

  • SHA512

    52dfc9169fb8e36176aa24f2dbec824493f108eac4ae1065495188e1a397bc96c855a8cb41aaa7bfc2d8793d5d04ad47d402a43b00824d14ac60a1e1d56ec0a7

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxAa2aB:W7BlpppARFbhWJmAa2aB

Score
9/10

Malware Config

Signatures

  • Renames multiple (3787) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and renaming them with an added extension.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2248

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

    Filesize

    42KB

    MD5

    52191142cfe925ca68b662dc9f387ee3

    SHA1

    91e925258d8676aba3b0e474ad1cc5b9f404d375

    SHA256

    bd19f7d700693e6e47de251807c59d6df681ed61ae7b51a21fc283902d65022d

    SHA512

    f9b259e06599aef4c6aec87dbcc42167ed901579ab93197fe1a71b34f1b53ee0e5ca4c195b4c23de03c35214b95e0d79ccc5b05d2ef6008357d4a60417b10e50

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    51KB

    MD5

    779197b8048e7fecf36f7bd135de22aa

    SHA1

    f89a7a11998c4bc4e66b9fa953a6ea39277635cc

    SHA256

    4f8fcaf1f39bdfe68d45b85efd7f6f9d903fb2703d553f6335f5f4be25a08626

    SHA512

    085baef97c71707ff74a9e20736b9bd2d745c65615a2b57cde158f1eb3321b49858f6f5800d5055843be3d5f4538902f9c7054b2a145d7e9fa873c3c68ec0f65