Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10-06-2024 23:42

General

  • Target

    1f7d83dc2d57d6722080cff5bb9f87d0_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    1f7d83dc2d57d6722080cff5bb9f87d0

  • SHA1

    3f79ef7ade62ddcdd7a58352b3d773359157ef4f

  • SHA256

    851b14dc3fd547dc22eca8d7aea17485e3decb6965d33c7a6978010eb921ba09

  • SHA512

    ad0b363698eafeb4901bd0b492b7c9d1df3b41c671a4b233f1c899a2676f26a82952849a3fe87a02e735f6917123f45fbb621d79e6efa413daba88812de2b5ac

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76G:6e7WpP9oVLQthbYY9oVLQthbUvb

Score
9/10

Malware Config

Signatures

  • Renames multiple (5196) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f7d83dc2d57d6722080cff5bb9f87d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1f7d83dc2d57d6722080cff5bb9f87d0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2368

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

    Filesize

    73KB

    MD5

    df77cfd5e1ede15c3fee077c09e6af0c

    SHA1

    b3bfddb9c418993f7f337f8e97cfa089d801d6a6

    SHA256

    dab9800dea399c040f09a86bac7272f55ed034252b13bbf5718a40a793e54e0c

    SHA512

    967229704dada16ea9d85b5f3c11ab12a7b4f53aea98b5f2789e2e8a2c9bdaadc3aea8b558f566cf0b774dfbd08395e1a4d73f3c8d843cdf20cc97fc6f4fef83

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    172KB

    MD5

    8d0746656759def2d44967b31b5a3bfd

    SHA1

    a0e19b545bc6ce58a3f3bb3aff25b614330f08bc

    SHA256

    5535b5c0e386dcee6ccce9193e1a50f0240bd1b0e081aab408277c0c7bff5032

    SHA512

    2216a3b1c5ac0d7da28910dd49dc5e8dfbfa44feebbf513ce1d5862184b3581e633de43c05d649cec5673f7d5fdd3a7b7bb223db57a1a65fd3fe317c44efa204