Analysis

  • max time kernel
    150s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 00:05

General

  • Target

    2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe

  • Size

    74KB

  • MD5

    2021d29e64c53d9daca87df8ce71d9e0

  • SHA1

    80dcef20b1a8d39647a4ddf96cde7d040cc7b876

  • SHA256

    d3bab3c59656f139de8430700d29bc64b1cd2ffd3addd7fa76d3a84743eb1835

  • SHA512

    e573b184bb93a59a60ed7da20dadbbf66b23684400be028569c9d7d8b2ece233dbbf7062d613bc8ed89aa017a28abf57e0cf88d573d004c6f859a6a78c68984f

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m69M:6e7WpP9oVLQthbYY9oVLQthbUrt7t5mh

Score
9/10

Malware Config

Signatures

  • Renames multiple (5163) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4508

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

    Filesize

    75KB

    MD5

    2d16cf1783b19a65ce4553d54df9c43e

    SHA1

    d3f834850ba9d1199876e322bad1f6f73342224b

    SHA256

    e75e7a93e85fe9ba5952142b9bbf3b83414a5ad6998b4e27b2d0913661cdedc8

    SHA512

    c3b686dd7e3bf8290d79d96d08c6d530fa2a2570ad19f9f69dc9b0f62db2185f3aa59cedd0f59be95cd6db6b9033a5ed92836f8a683d78efe8777f239d202335

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    173KB

    MD5

    7c6d2e21e570aad38ff0a753f175b918

    SHA1

    3a5df7baac98aca66562fc32fa58fc86e902e5e1

    SHA256

    0fd4d66147cfd254aced8b9725bac4c9a032197db62e7e364dd9f4b33dd80d59

    SHA512

    3dc1e2d3dbf19229595de11b51ae4990d109c7af70e7fbad470533b86ffea7acf35cfec832b3475229565b4c0f01920c3bb0443ecc6573cbc98a7a1da3ddde7a