Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:59

General

  • Target

    1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe

  • Size

    76KB

  • MD5

    1fffa93c50fc4ec509dc9871fc07eb00

  • SHA1

    5c25484b7b0d98d602deda386732dd68cc127798

  • SHA256

    0bbdfc4431e7b87cc02e641a3b0945254411ee09f571e28f0093fe91901ca1a5

  • SHA512

    65848b107e319c8639eeeed3fc07f2a6145232b7284bd734b8afd4c243a3ad42e9e8203213629ce0d38ed5d0d654166ec96bf35cd19d7ec8f7a123ac9ce2c1e8

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsh

Score
9/10

Malware Config

Signatures

  • Renames multiple (5215) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:812

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

    Filesize

    77KB

    MD5

    f619e259bcfc0e77af02e9ad4cd882f7

    SHA1

    1bea807cf075525b8a9b45a914c1100ee6a2fb99

    SHA256

    e4265a026ec8d075e53673593b9c38bcddf68607038476025d503d0335b305ad

    SHA512

    15cb4f0a011674a5cb26e4832f4ca30e099c23525efa9f96212751b4c8b1380c2924b786c1d0f5ae18d979f752decdc66407584ad03eb049f98298eaab93370f

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    175KB

    MD5

    accb3f4c13fb1282a1a4736b1291bbab

    SHA1

    b72458888ccca1842066f26cd93f1c27ba0fc4af

    SHA256

    7f87875935d2d917817da24dea261f16e41b373eb422409f30d0481ef6f9d38b

    SHA512

    43e8d786fccbf355e1029aa1a913eeba455acdf48eab13b19c6376da12b6bc862fa8dad89ae1dc5c8947b64ae84541fb8016365a0ef98f260b4aa098946a1383