Analysis

  • max time kernel: 149s
  • max time network: 140s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 10-06-2024 23:08

General

  • Target: 1e9bf67d8df7f90a5a86cfacd6baf7f0_NeikiAnalytics.exe
  • Size: 193KB
  • MD5: 1e9bf67d8df7f90a5a86cfacd6baf7f0
  • SHA1: f501398d9b80873c27f5dccac76f955d281fce33
  • SHA256: 482222884d0ed905ca86a8229d34ac78a8852a46b252a0206ca3b88d7fcc4ab3
  • SHA512: 3f2dc7fe36d7bff9ab515beeb16bbdd27b4a9847d398f395a1fface7a3b5de7a4d8427a8d0a133b38ea3d459e635c4330798a767cc0210d243a836661ede06a9
  • SSDEEP: 3072:fnymCAIuZAIuYSMjoqtMHfhfag632T/IkKhzX6j:KmCAIuZAIuDMVtM/sgGqIkKhe

Score: 9/10

Malware Config

Signatures

  • Renames multiple (4717) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e9bf67d8df7f90a5a86cfacd6baf7f0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1e9bf67d8df7f90a5a86cfacd6baf7f0_NeikiAnalytics.exe"
    PID: 4320
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
    Filesize: 193KB
    MD5: cf23ddb27ca023889521ad00171cbe67
    SHA1: 7a0ee4d7b5834516deb9e6f4c721f5a951669df0
    SHA256: 0ab5b9e9871b80c95cc28c7d999fc0819a2c7f54dec80c26677b0b845ae87487
    SHA512: bbab646f0bbc757a862a5245eddfc0776d52f53b2d123fa45163a4bc35573a46f6482a9396d9470c28fff49df279c586486c2894d09a8f88e246a27ef202b99e

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 292KB
    MD5: 493b682449e5fd21a62cce5a04d5e78b
    SHA1: 36d43754eef7f52379b4baf8852ab60e8aa74e11
    SHA256: b6b7e705040fb84f607bf174a615331a38c62b3e1027f95fe4a421133d15f4c1
    SHA512: d3383d10a22bc0450d8dab6dd6c4bf2c572c95bbb3c87e79415eab08558137ea4f11d0be1704a48819da9add99649aeb75b268dc779d8c460d98bc267188e3dd

  • memory/4320-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/4320-1648-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB