Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10-06-2024 23:11

General

  • Target

    1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe

  • Size

    43KB

  • MD5

    1ebce9dc59ee8ae2d7b95f1621933320

  • SHA1

    4b57478fe9156206e2e9337c159770e6107506d9

  • SHA256

    cfd8c460a546ecdf1ce6c14c34148867a4d8af18a064bf895b98e736df2a4437

  • SHA512

    f1561094cf1c4cd087f73a337fa6ad5a11ac945f4595b7061bd3ff60b0aed107275b7a4e56406782da47493d76e35ebcc07ab5bee43b22389955feb3acc7d75d

  • SSDEEP

    768:W7BlpppARFbhWJ2qAJxMrAJyqAJxMrAJG:W7ZppApX

Score
9/10

Malware Config

Signatures

  • Renames multiple (5190) files with added filename extension

    This suggests ransomware activity, with the sample encrypting files across the system and renaming each one with an added extension.

  • Drops file in Program Files directory (64 IoCs)
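The two signatures above are the behaviours a detection engineer would want to reproduce from file-event telemetry: one process appending the same extension to many files in a short span, and writes under Program Files. The following is an added example written for this page, not code from the sandbox or its report. The tab-separated event format, the benign control process (PID 1234), the sample paths and the ".locked" suffix are assumptions for illustration; the report does not state which extension the sample appends, only that 5190 files were renamed.

```python
"""Flag a process that renames many files by appending an extension.

Added example for the "Renames multiple files with added filename extension"
and "Drops file in Program Files directory" signatures; it is not code from
the sandbox report. The TSV event format, the threshold and the ".locked"
suffix are assumptions for illustration.
"""
from collections import defaultdict

# Constructed sample events (timestamp_s, pid, op, source, destination).
# PID 5056 mirrors the report's process; PID 1234 is a benign control that
# renames files without appending an extension. Paths are made up.
SAMPLE_LOG = """\
0.10\t5056\tWRITE\tC:\\Program Files\\7-Zip\\7-zip.dll.tmp\t-
0.11\t5056\tRENAME\tC:\\Program Files\\7-Zip\\7-zip.dll\tC:\\Program Files\\7-Zip\\7-zip.dll.locked
0.12\t5056\tRENAME\tC:\\Users\\Admin\\Documents\\a.docx\tC:\\Users\\Admin\\Documents\\a.docx.locked
0.13\t5056\tRENAME\tC:\\Users\\Admin\\Documents\\b.xlsx\tC:\\Users\\Admin\\Documents\\b.xlsx.locked
0.14\t5056\tRENAME\tC:\\Users\\Admin\\Pictures\\c.png\tC:\\Users\\Admin\\Pictures\\c.png.locked
0.15\t5056\tRENAME\tC:\\$Recycle.Bin\\S-1-5-21-4018855536-2201274732-320770143-1000\\desktop.ini\tC:\\$Recycle.Bin\\S-1-5-21-4018855536-2201274732-320770143-1000\\desktop.ini.locked
2.00\t1234\tRENAME\tC:\\Users\\Admin\\Downloads\\report.tmp\tC:\\Users\\Admin\\Downloads\\report.pdf
2.01\t1234\tRENAME\tC:\\Users\\Admin\\Downloads\\notes.txt\tC:\\Users\\Admin\\Downloads\\notes.old
"""

PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def parse_events(text):
    """Parse the hypothetical TSV export into (ts, pid, op, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, op, src, dst = line.split("\t")
        events.append((float(ts), int(pid), op, src, dst))
    return events


def added_extension(src, dst):
    """Return the suffix if dst is exactly src plus a new '.ext', else None.

    A rename that swaps the existing extension (report.tmp -> report.pdf)
    is a normal save pattern and is deliberately not matched.
    """
    if dst.startswith(src) and len(dst) > len(src):
        suffix = dst[len(src):]
        if suffix.startswith(".") and len(suffix) > 1 and "\\" not in suffix:
            return suffix
    return None


def find_mass_renamers(events, threshold=3, window=60.0):
    """Return {pid: (count, ext)} for PIDs that append the same extension to
    at least `threshold` files within any `window`-second span."""
    per_pid = defaultdict(list)
    for ts, pid, op, src, dst in events:
        if op == "RENAME":
            ext = added_extension(src, dst)
            if ext:
                per_pid[pid].append((ts, ext))

    hits = {}
    for pid, renames in per_pid.items():
        renames.sort()
        left = 0
        for right in range(len(renames)):
            # Slide the left edge so the span fits inside the time window.
            while renames[right][0] - renames[left][0] > window:
                left += 1
            counts = defaultdict(int)
            for _, ext in renames[left:right + 1]:
                counts[ext] += 1
            ext, n = max(counts.items(), key=lambda kv: kv[1])
            if n >= threshold and n > hits.get(pid, (0, None))[0]:
                hits[pid] = (n, ext)
    return hits


def program_files_writes(events):
    """Return (pid, path) for every WRITE under Program Files, matching the
    report's second signature."""
    return [(pid, src) for _, pid, op, src, _ in events
            if op == "WRITE" and src.lower().startswith(PROGRAM_FILES)]


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for pid, (n, ext) in find_mass_renamers(evts).items():
        print(f"PID {pid}: appended {ext!r} to {n} files")
    for pid, path in program_files_writes(evts):
        print(f"PID {pid}: wrote {path}")
```

The threshold of 3 renames in 60 seconds is deliberately low so the constructed log trips it; against real telemetry tune it per environment, and keep the "same extension" condition, since it is what separates a ransomware burst from a backup tool or installer renaming files for unrelated reasons.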

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:5056

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

    Filesize

    43KB

    MD5

    3761cd81e303fc6c99ee380b8f759e1b

    SHA1

    d5d91aec58cbf2e847d0f68659653395be70e09f

    SHA256

    8850c9a1aa5846a93cde06c7313057558f4457313e7ca9a31796e690403f2765

    SHA512

    76de4a83812456ef4997d60fee99fc4a88d88c6f999eb20aea164aba768bbad33a2b58434b7cbce59bb4040790f4d7dadb438a1d46cabd500ba21917df53d370

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    142KB

    MD5

    bbbc9c02af31c5975d3bcd562019e04c

    SHA1

    909b8fc39349c13ae9375af0bbbafbb3482fb93b

    SHA256

    464ab1aeb564505eb5d99b227873920e08f4bec246877136c137471038cfeb8c

    SHA512

    4187f4642af91a9522daf04bceb51a095040a24fde34a7063284e45118b7a8c663878dfd30c72f05b1114beb14ae231cf418afcbebe3d0bc7eb46825e755ca1e