Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:39

General

  • Target

    1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe

  • Size

    370KB

  • MD5

    1f70216fc25d3c8a4f24c0f4378e0790

  • SHA1

    68bb003c0eed892196065aa20d8bc569886c8410

  • SHA256

    d69794895e7d982b09b09ce4a03d3927930a6f690a3e55d5d1d65193cd379f1f

  • SHA512

    84fd26bb4e142549f795428d308be10fb82fbf23cc8862880eb4a3cb02f17416796d6f35d80a818aec88a8f7ecd7e8ae2a560a252ab392c9829fb8cf471a8e98

  • SSDEEP

    6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgs5:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewR

Score
9/10

Malware Config

Signatures

  • Renames multiple (2767) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1940

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

    Filesize

    370KB

    MD5

    16d2af816fbc8f8360c62af1678845b5

    SHA1

    4ef51724a86b3147d1a6cadc235dc4691f763628

    SHA256

    96e775bfaf872bf7f21eaa3def0b05e6c41d2b48e91850b744a68af16d66905f

    SHA512

    efd700bf26df6e6e57a139977b3fe8b89e633285f84224577d1d2a5ebe3af6ec3801aa268703e7f45e64cd32c17431d3a3633d35ae993489ae8e34361aeca1c0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    379KB

    MD5

    e3aeccfb3145b48348976e7f3a314305

    SHA1

    8b3896571a06234e663f4edacf132df06dfd73cb

    SHA256

    aea13bd383f99875d38b621ea5277fbeab0cad89d67cfe10d03822e571f960aa

    SHA512

    49bc47d0b679dee9d5342133f91ebbb9b22df1f4fdd1884700ae83ce1e06127116251ade28da15b917e5d547f2b818708db4a82c319f4052fdcfa2d00d906a7f