Analysis

  • max time kernel
    150s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:44

General

  • Target

    1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe

  • Size

    82KB

  • MD5

    1f9c3b490cb8a0f02d724b417878b3a0

  • SHA1

    aefa7d7cfd0fc2c2a6fc157dffb1a17a3faa6344

  • SHA256

    a6e5ba7f9b36176b0916194db829f4fe32b472167f9416c58fecb048cb5a3e25

  • SHA512

    c116d2b8e11ca404c6397ac755c4198bf2c18b3dcc4fac30c85621cc225553218c459c4fc6925eeed38eab0a28a52c6507752c6896ca3f642f193c6be78f3d21

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuXsJtLJtvQP:enaym3AIuZAIuXT

Score
9/10

Malware Config

Signatures

  • Renames multiple (5131) files with added filename extension

    Appending an extension to thousands of files in a single run is the file-system footprint of ransomware encrypting every file it can reach. The count alone shows only that the files were renamed, not that their contents were encrypted; confirm that by comparing a renamed file's bytes against a known-good copy.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer (UPX0/UPX1 section names, "UPX!" marker). Packing hides the real code until it is unpacked at runtime; a stock UPX layer can be removed with `upx -d`, a modified header usually cannot, in which case the memory dumps listed below are the place to look for the unpacked image.

  • Drops file in Program Files directory 64 IoCs

    The .tmp files listed under Downloads (for example C:\Program Files\7-Zip\7-zip.dll.tmp) are the evidence for this signature.
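The three signatures above can be reproduced offline. The block below is an added example, not the sandbox's own rule code: it re-implements the mass-rename, UPX and Program Files checks over constructed event data. The event tuple shape, the rename threshold, the Documents tree and the ".locked" extension are assumptions made for the example (the report only states the count, 5131, and the category); the PE builder exists only so the UPX section check has something to parse.

```python
"""Added example (not the sandbox's own rule code): a minimal, offline
re-implementation of the three signatures fired in the report above.
Event shapes, thresholds, paths and the extension are assumptions."""
import struct


# --- Constructed sandbox events: (op, src_path, dst_path) -------------------
def build_sample_events():
    """Constructed file-system trace. The two .tmp paths come from the
    report's Downloads list; everything else is invented for the example."""
    events = [
        ("create", r"C:\Program Files\7-Zip\7-zip.dll.tmp", None),
        ("create", r"C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp", None),
        # A plain rename (nothing appended) must not count towards the signature.
        ("rename", r"C:\Users\Admin\Documents\old.txt", r"C:\Users\Admin\Documents\new.txt"),
    ]
    for i in range(5131):  # mirrors the count in the report; the paths are made up
        src = rf"C:\Users\Admin\Documents\file{i}.docx"
        events.append(("rename", src, src + ".locked"))  # ".locked" is an assumption
    return events


# --- Signature 1: renames that append a further extension -------------------
def added_extension(src, dst):
    """True when dst is src with an extra '.ext' appended (a.docx -> a.docx.locked)."""
    return (dst is not None and dst.startswith(src)
            and len(dst) > len(src) + 1 and dst[len(src)] == ".")


def mass_rename(events, threshold=100):
    """Assumed threshold: 100 such renames in one run is treated as a hit."""
    count = sum(1 for op, s, d in events if op == "rename" and added_extension(s, d))
    return {"count": count, "hit": count >= threshold}


# --- Signature 2: writes under C:\Program Files -----------------------------
def program_files_drops(events):
    # The prefix also matches "Program Files (x86)", which is intended.
    prefix = "c:\\program files"
    count = sum(1 for op, s, _ in events if op == "create" and s.lower().startswith(prefix))
    return {"count": count, "hit": count > 0}


# --- Signature 3: UPX markers in the PE section table -----------------------
def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsec):
        off = table + i * 40
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data):
    names = pe_section_names(data)
    hit = any(n.startswith("UPX") for n in names) or b"UPX!" in data
    return {"sections": names, "hit": hit}


def build_pe(section_names, opt_size=0xE0):
    """Constructed minimal PE (headers only) so the parser has input to chew on."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections


def evaluate(events, pe_bytes):
    """Run all three signatures and return their results keyed by name."""
    return {
        "mass_rename": mass_rename(events),
        "program_files_drop": program_files_drops(events),
        "upx_packed": is_upx_packed(pe_bytes),
    }


if __name__ == "__main__":
    for name, result in evaluate(build_sample_events(), build_pe(["UPX0", "UPX1", ".rsrc"])).items():
        print(f"{name}: {result}")
```

The UPX check is deliberately weak: a modified packer that renames its sections and strips the "UPX!" marker slips past it, which is exactly why the report's memory dumps matter more than the packer signature.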

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe"
    PID: 3480
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

    Filesize

    82KB (the same size as the submitted sample, but with a different hash)

    MD5

    798357f5a71397f7cbd56d99aa1742c6

    SHA1

    4b35d51f700d211d97c1c2ea07186242b715e6db

    SHA256

    0dc4891de67d82f1b5eb3816c2219b619cbf29bab9afc74f504aabb4c6fc8019

    SHA512

    30f8738e7d960e03c884de4bf1af941873d66796e4d64610376c674c14bc5ecb8c0afdccb065fc8e70a2ce1108afc2d5448dea87fd778c6645a6d69950dfbb9b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    181KB

    MD5

    323171030dc4d77f07b90fc087ff9607

    SHA1

    d2dd0b1950929aee34964d2e9a868a8133f6b2d6

    SHA256

    f58dcfb827b082b15fc6b909c1659188dcb008891ca914c37726fc338ce67b82

    SHA512

    1b0a6b082d4eb3a4133f028d46c5669ffe38ede9c3895f9bc63639841cc1e836073b2d4723c836fbe700809d815972fe7d477ead0aa2f147d627feb94e921444

  • memory/3480-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3480-1890-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB