Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:39

General

  • Target

    1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe

  • Size

    370KB

  • MD5

    1f70216fc25d3c8a4f24c0f4378e0790

  • SHA1

    68bb003c0eed892196065aa20d8bc569886c8410

  • SHA256

    d69794895e7d982b09b09ce4a03d3927930a6f690a3e55d5d1d65193cd379f1f

  • SHA512

    84fd26bb4e142549f795428d308be10fb82fbf23cc8862880eb4a3cb02f17416796d6f35d80a818aec88a8f7ecd7e8ae2a560a252ab392c9829fb8cf471a8e98

  • SSDEEP

    6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgs5:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewR

Score
9/10

Malware Config

Signatures

  • Renames multiple (1004) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:5076
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4244

Network

MITRE ATT&CK Matrix

Downloads

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

      Filesize

      370KB

      MD5

      a7857d592288e17079d3b0a59519a5c4

      SHA1

      11438536ee297e50c9ecaabe42bec7981025decd

      SHA256

      4258ac8b232b57c2f3bb930c1cf609fef05c502c7179b97dfb252477953aa675

      SHA512

      2eafb58f7b536aa4e5f9dc9eebda82b0f6a6d71d9c56f0a50fa30f5bcf3d65b6a550300f9bbfa2243997b6a7d5cc783e395def392ea7916e3683e991826848f4

    • C:\libsmartscreen.dll.tmp

      Filesize

      370KB

      MD5

      79eee3dfd8993f939216ca040b37955c

      SHA1

      9c7a13a543b10cbcdf8130efe221f1d2e3f6b000

      SHA256

      b825a1d163b12c1f8a9b73429afde1fc215825d73fbdab4b4a139625e882e900

      SHA512

      c184210866d9aa396e1d02e9ba448b393e072621732f47b6615ba47795e6511ef32f238a4ab33354b177540e9d05aecfceca86869a2fa6d0d3f2a93d18c9a22a