Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:11

General

  • Target

    1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe

  • Size

    43KB

  • MD5

    1ebce9dc59ee8ae2d7b95f1621933320

  • SHA1

    4b57478fe9156206e2e9337c159770e6107506d9

  • SHA256

    cfd8c460a546ecdf1ce6c14c34148867a4d8af18a064bf895b98e736df2a4437

  • SHA512

    f1561094cf1c4cd087f73a337fa6ad5a11ac945f4595b7061bd3ff60b0aed107275b7a4e56406782da47493d76e35ebcc07ab5bee43b22389955feb3acc7d75d

  • SSDEEP

    768:W7BlpppARFbhWJ2qAJxMrAJyqAJxMrAJG:W7ZppApX

Score
9/10

Malware Config

Signatures

  • Renames multiple (3851) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1040

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

    Filesize

    43KB

    MD5

    18c58ccc2716ce4f5d819c5dfeb2e8e9

    SHA1

    5d9aec6eaac5588d6fe3b2e237911be375e024d3

    SHA256

    b1d6ca0777575e2b807b743901b0a05f15f54485dcff32a208c231fa3eae8006

    SHA512

    16f6dbf0e6c40502bcb1c95ef7824e1ea89b1758e64644b3896862b2b629d69f32ffcaee6ace25cd7116908a1208a48a27ae94377626a69681c984229cbf5261

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    52KB

    MD5

    c13e0818cac38d24d5b2d2378e8f4ee2

    SHA1

    6b05860656f8f028d4454338b41d9466c7a56658

    SHA256

    3ae7e114926f19a57e2bbb7e5bff917ff75074e654b25b77014251477f56b1f6

    SHA512

    17b61e34de126556b640d2eda84de7e9c0397fcd437298521bb9e8877277f79799393d0abecbe737276b38ebe912b9020790770e4b188d97534aec7970b2e6cd