Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 01:37

General

  • Target

    22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe

  • Size

    189KB

  • MD5

    22d001ca6de9e806b59e823e4a9e7f00

  • SHA1

    6d0d0a7b5fc8163d34810d0feb48ea96aa2cc654

  • SHA256

    a9ec5f60030890abad4fb262031be79e7ca207d65477e844651025445e1a1174

  • SHA512

    1c6d0ca10cd91baac64028e78029d1f88d191f9cca5765fb881ffdf9e06b463aff70cb667df75ced6b4ad38ad15d46cf1327655418867065f53533c1cc9b832d

  • SSDEEP

    3072:fnyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuV:KiQSo1EZGtKgZGtK/CAIuZAIuV

Score
9/10

Malware Config

Signatures

  • Renames multiple (3252) files with added filename extension

    A single process appending the same extension to thousands of files across the volume is the file-system footprint of ransomware encrypting the victim's data in place.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build (typically recognised by UPX0/UPX1 section names or the UPX! marker). Packing hides the real code from static scanners; the 44KB in-memory image at 0x400000 below is what the unpacked stub exposes at run time.

  • Drops file in Program Files directory 64 IoCs
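The two behavioural signatures above, re-implemented as stand-alone checks so a practitioner can see what each one actually tests. This is an added example, not code from the Triage sandbox or from the sample being analysed. The rename events, the threshold of 3 used in the demonstration (the report's own threshold is not stated), the `.locked` extension and the minimal PE skeleton are all constructed inputs.

```python
"""Added example (not part of the sandbox report): two of its signatures as
stand-alone checks over constructed inputs.

  1. "Renames multiple files with added filename extension": a process whose
     renames satisfy new_path == old_path + ".<ext>" for many files is flagged.
  2. "UPX packed file": a PE whose section table carries UPX0/UPX1/UPX2 is flagged.

Threshold, event format and the minimal PE builder are assumptions.
"""
import struct
from collections import Counter, defaultdict

# Constructed sandbox-style rename events: (pid, old_path, new_path).
# The report's 3252 renames are far above the demonstration threshold used below.
RENAME_EVENTS = [
    (2156, r"C:\Users\Admin\Documents\a.docx", r"C:\Users\Admin\Documents\a.docx.locked"),
    (2156, r"C:\Users\Admin\Pictures\b.jpg", r"C:\Users\Admin\Pictures\b.jpg.locked"),
    (2156, r"C:\MSOCache\All Users\x.xml", r"C:\MSOCache\All Users\x.xml.locked"),
    (2156, r"C:\Program Files\app\c.dll", r"C:\Program Files\app\c.dll.locked"),
    (2156, r"C:\Users\Admin\Desktop\d.txt", r"C:\Users\Admin\Desktop\d.txt.locked"),
    (900, r"C:\Users\Admin\report.tmp", r"C:\Users\Admin\report.pdf"),  # benign: extension replaced
    (900, r"C:\Users\Admin\old.txt", r"C:\Users\Admin\new.txt"),        # benign: name changed
]


def added_extension(old_path, new_path):
    """Return the appended extension (without the dot) if new_path is exactly
    old_path plus one extra '.ext' component, else None."""
    if not new_path.startswith(old_path):
        return None
    suffix = new_path[len(old_path):]
    if len(suffix) < 2 or suffix[0] != "." or "." in suffix[1:] or "\\" in suffix:
        return None
    return suffix[1:]


def detect_mass_rename(events, threshold=50):
    """Group rename events by pid; return {pid: (count, ext)} for every process
    that appended the same extension to at least `threshold` files."""
    per_pid = defaultdict(Counter)
    for pid, old, new in events:
        ext = added_extension(old, new)
        if ext is not None:
            per_pid[pid][ext] += 1
    hits = {}
    for pid, exts in per_pid.items():
        ext, n = exts.most_common(1)[0]
        if n >= threshold:
            hits[pid] = (n, ext)
    return hits


# ---- UPX section-name check on a PE image ----------------------------------
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and return
    the NUL-stripped 8-byte section names. Raises ValueError if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # 20-byte COFF file header
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                         # section headers are 40 bytes each
    return [data[table + i * 40:table + i * 40 + 8].rstrip(b"\0") for i in range(num_sections)]


def is_upx_packed(data):
    """True if any section carries a stock UPX name (renamed-section UPX variants evade this)."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def build_min_pe(section_names):
    """Constructed test input: a minimal, non-executable PE skeleton with the
    given section names, just enough for the header walk above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    print(detect_mass_rename(RENAME_EVENTS, threshold=3))
    print(is_upx_packed(build_min_pe([b"UPX0", b"UPX1", b".rsrc"])))
```

The rename heuristic deliberately ignores renames that replace an extension or change the base name, which is what installers and office applications do; a real detector would also weigh the number of distinct directories touched and the rate of events. The UPX check matches only the stock section names, so a build that renames them (the "modified UPX" case the signature mentions) needs an additional check such as the `UPX!` marker or entropy of the first section.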

Processes

  • C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2156

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

    Filesize

    189KB

    MD5

    0a23c91fb601ecb632a376486be4f8d2

    SHA1

    8c313f194bcd9b08d3a3dea646862b1402362a1b

    SHA256

    bd1361658a2e80d8818251a9b88a776fc7547af07d5f4ba1738540b333eb997c

    SHA512

    b400b349b129a89bf26e553d675c3b707daf8b75800de104fe230679949ebea4aee8548187a52035f74e22736d5f39f7c44fab8489c2782e9e39b108f42644e6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    198KB

    MD5

    e31378161196afe11b8ef7fdd3c90244

    SHA1

    cff438f93250851fe3dcfbc51d797d47dbe19f55

    SHA256

    28cce13c913e04ab8f5071976b454a9c7e47fa37b3ca23146737980c83efc62e

    SHA512

    fe5ea95d60b1e8774a0bc87a7da30f6bc5a4dc970a666215c396e7bc68e5fd9f57ec1bce603b3697fccbfc8d1e776f83c9dbb6aa447dd1f5fcd0cd724cf61335

  • memory/2156-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2156-534-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB