Analysis

  • max time kernel: 150s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240508-en
  • resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted: 10-06-2024 23:42

General

  • Target: 1f7d83dc2d57d6722080cff5bb9f87d0_NeikiAnalytics.exe
  • Size: 73KB
  • MD5: 1f7d83dc2d57d6722080cff5bb9f87d0
  • SHA1: 3f79ef7ade62ddcdd7a58352b3d773359157ef4f
  • SHA256: 851b14dc3fd547dc22eca8d7aea17485e3decb6965d33c7a6978010eb921ba09
  • SHA512: ad0b363698eafeb4901bd0b492b7c9d1df3b41c671a4b233f1c899a2676f26a82952849a3fe87a02e735f6917123f45fbb621d79e6efa413daba88812de2b5ac
  • SSDEEP: 1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76G:6e7WpP9oVLQthbYY9oVLQthbUvb

Score
9/10

Malware Config

Signatures

  • Renames multiple (3784) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f7d83dc2d57d6722080cff5bb9f87d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1f7d83dc2d57d6722080cff5bb9f87d0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2024

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
    Filesize: 73KB
    MD5: 71003bf916c7d8c93a4e305a5e907694
    SHA1: 1fd7c86997ab500c886114d7a607af670cc9c46e
    SHA256: 9004ec8caf7a5b67a596d029a3bad33a4df3d718047ed5fadd622147711eab06
    SHA512: bde20f9dab9baa698f1cf3883334738a8dbdeb8f98d4aa7a196d27c5f0721f7ae3c982de62bcd64abbaddb6933cb548f4d99ccd46215644af5e99b2b019bbee2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 82KB
    MD5: 454b6b8a67766def685ea73b2ca371a4
    SHA1: a3b1381c482c3e200f5abda440dcdf155ef03a1f
    SHA256: 516c958830e45e39f1993f6b3967e95da74e3305287bfb1b8704c9900368a7c3
    SHA512: f4db75a48daa1291099e1520a00e570cea06fd0934ac1800ebd1fd5aec06ffd6f715e6fe344680bf41032814277773665340c24da6cc7fe2c9d48e63f1eec6f5