Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    10-06-2024 23:46

General

  • Target

    1faf2080873f2dc4b8fc3a5813be1690_NeikiAnalytics.exe

  • Size

    72KB

  • MD5

    1faf2080873f2dc4b8fc3a5813be1690

  • SHA1

    9ba800560a482db29bebfc4a4e78c1a12d22f527

  • SHA256

    3527733198237d55c67c74e8ea9eb108706718a9653016e5988aec1afd549ad0

  • SHA512

    9a2c843684047ed1864cb2fb7397671391b0af38deccad9684e7bd0a0936fbd2f1a990f1bd3970168eae2c1518e38c80ac136b4c282d9ceb471d4b04b9906392

  • SSDEEP

    768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXE:a7ZyqaFAlsr1++PJHJXFAIuZAIuv

Score
9/10

Malware Config

Signatures

  • Renames multiple (560) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1faf2080873f2dc4b8fc3a5813be1690_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1faf2080873f2dc4b8fc3a5813be1690_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2440

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    d2f77081adb2f60f4a11cc8824f1a0b2

    SHA1

    f3cfbc062d9e10ef78bd95f299ba772517792528

    SHA256

    87f360b354b28c6ff2e434e7d20685d4004f46e2106ca48744d8884655c74fe5

    SHA512

    8fcf74900305e0ec78aff38be5d39304ce62f3afc08234ac67789dcdbc4848f53700cc09bf67803d0ee2736f605ba6cfde0065ddad81ecaa9a165f4fd66b8001

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    81KB

    MD5

    62fccd3c0595adf9bd57461f9a46cb16

    SHA1

    d069d1aa4534fa7a1c95da6df299c270fd36f729

    SHA256

    c84ddef72400a9b625b0d5626c178f4eb50d0db40ea5ba81bc08321b71f3b148

    SHA512

    7bab037b685e757b09d77614f9e4b8a18fcdbf6907623a2de09b2d025b914798711a7881e820871d54b8d5e5144e2c80c84d73d0ec95ca2dcbc97855cf2ffd66

  • memory/2440-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2440-68-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB