Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:44

General

  • Target

    1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe

  • Size

    82KB

  • MD5

    1f9c3b490cb8a0f02d724b417878b3a0

  • SHA1

    aefa7d7cfd0fc2c2a6fc157dffb1a17a3faa6344

  • SHA256

    a6e5ba7f9b36176b0916194db829f4fe32b472167f9416c58fecb048cb5a3e25

  • SHA512

    c116d2b8e11ca404c6397ac755c4198bf2c18b3dcc4fac30c85621cc225553218c459c4fc6925eeed38eab0a28a52c6507752c6896ca3f642f193c6be78f3d21

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuXsJtLJtvQP:enaym3AIuZAIuXT

Score
9/10

Malware Config

Signatures

  • Renames multiple (3586) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2172

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

    Filesize

    82KB

    MD5

    cd94d83d17b60aeec6f43e0d1b03e42e

    SHA1

    c33b10a9dc2419ee3f1a21161c36f5724b7a2a7f

    SHA256

    5cc3f3d9a82ebf3acbdbcc0ea39f064191b971f0d46e939d0582a0c139e46b9e

    SHA512

    dede430324b16e6bd4153208e79b8dedab2417c58abc7424f8faa5232dc7abd182908cce3869903c9010fed3f9e88e321a0f0695167bc422cf2aecd5ed79682d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    91KB

    MD5

    7e64ea3d8c8bcf1bfd3fa6e967ee6ac0

    SHA1

    5b716237cd14684ec8f52af7dbfad14ce48f15e6

    SHA256

    0ff5d29e17291f1193de33213c83050b53c01db879f0e16a4a75bb2d8cbb24ea

    SHA512

    5bca4de28c0c456daf74011ab358df67c1d63edccb7e86e6a1402cf120ea79aef8591d51777f7902e354a98bafe129cc40ebb3c91ead8081c0c59103a821a14e

  • memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2172-654-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB