Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:59

General

  • Target

    1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe

  • Size

    76KB

  • MD5

    1fffa93c50fc4ec509dc9871fc07eb00

  • SHA1

    5c25484b7b0d98d602deda386732dd68cc127798

  • SHA256

    0bbdfc4431e7b87cc02e641a3b0945254411ee09f571e28f0093fe91901ca1a5

  • SHA512

    65848b107e319c8639eeeed3fc07f2a6145232b7284bd734b8afd4c243a3ad42e9e8203213629ce0d38ed5d0d654166ec96bf35cd19d7ec8f7a123ac9ce2c1e8

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsh

Score
9/10

Malware Config

Signatures

  • Renames multiple (3733) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2924

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp
    Filesize: 77KB
    MD5: 8b887655822eb577cb47fa1d7e0682b9
    SHA1: fd25115f1d8daa43ccba093baea6f5d467a1f367
    SHA256: aa2ce8372a35c9dd2dc3946e8f2c5d05e4bfe350946f078eb0869240d447bd91
    SHA512: 0598d67e69a3b961dbc1e687750661b4f2ffe9a53753cc874e97c44fcbeebce929013d01d6122713a7475e4716fd58d962e0c24e7f02517dade638d6783ab546

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 86KB
    MD5: 42d0f64a66ac814b92bc6ab564b74281
    SHA1: c03ff269edcb6eaf13463fef1ccd6cd0c15c6259
    SHA256: 277f3ecb1638bc39f7116967203e1547cefc15d225b1b5649707f973696eff36
    SHA512: 2d8e12baac7d964123ad4e1a03b647e3fe1153bd8d898f5dc66e0ca9e72f8305c2ee4476fae967560ee81a608db5a7a75174cd9a9a9b3d17c0e08a58beb359a8