Analysis

  • max time kernel
    150s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:46

General

  • Target

    1faf2080873f2dc4b8fc3a5813be1690_NeikiAnalytics.exe

  • Size

    72KB

  • MD5

    1faf2080873f2dc4b8fc3a5813be1690

  • SHA1

    9ba800560a482db29bebfc4a4e78c1a12d22f527

  • SHA256

    3527733198237d55c67c74e8ea9eb108706718a9653016e5988aec1afd549ad0

  • SHA512

    9a2c843684047ed1864cb2fb7397671391b0af38deccad9684e7bd0a0936fbd2f1a990f1bd3970168eae2c1518e38c80ac136b4c282d9ceb471d4b04b9906392

  • SSDEEP

    768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXE:a7ZyqaFAlsr1++PJHJXFAIuZAIuv

Score
9/10

Malware Config

Signatures

  • Renames multiple (5215) files with added filename extension

    This suggests ransomware activity: files across the system are encrypted and each renamed with an appended extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1faf2080873f2dc4b8fc3a5813be1690_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1faf2080873f2dc4b8fc3a5813be1690_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4848

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    253500a5d846b237f50e45c3b30cd0a3

    SHA1

    0c93fd072892b75fd51b87bb9e02c4d51fb533b1

    SHA256

    c7b92ee314cb09907ae1a98ff5ce6c9e28f8a9f9cf4a0e1bfea340a6069f0fe3

    SHA512

    ea934e6128dd4df28b28b5b0871fa8890411edce59fb8b97008817c3ccfb29b2a62752bb6f57e9ec39db6e4ee0b24cc0cd2743dbe1f73267ecd1a4f6b0b09b81

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    171KB

    MD5

    c5568536e9f886fb1f86a80d876c6c29

    SHA1

    8bc2e15e1d14c00f3e77a284c2fe00beaa9b45a8

    SHA256

    18eb762e9c9fe618ffb7edb6a0a610474168bcc4de0388cabfbc2fd4c39c8624

    SHA512

    90819fbee5fbf1f64c3467dd7a88041eddadd80f6478e0baceab2a7c3c06057a73f39077fc6cf92e0f1c8bc766d61eb6cef3d6c549e6a411bfae11bb12561b7a

  • memory/4848-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4848-1964-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB