Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 01:37

General

  • Target

    22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe

  • Size

    189KB

  • MD5

    22d001ca6de9e806b59e823e4a9e7f00

  • SHA1

    6d0d0a7b5fc8163d34810d0feb48ea96aa2cc654

  • SHA256

    a9ec5f60030890abad4fb262031be79e7ca207d65477e844651025445e1a1174

  • SHA512

    1c6d0ca10cd91baac64028e78029d1f88d191f9cca5765fb881ffdf9e06b463aff70cb667df75ced6b4ad38ad15d46cf1327655418867065f53533c1cc9b832d

  • SSDEEP

    3072:fnyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuV:KiQSo1EZGtKgZGtK/CAIuZAIuV

Score
9/10

Malware Config

Signatures

  • Renames multiple (4672) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1532

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

    Filesize

    189KB

    MD5

    cebe3b6e1c39964f154bd5a511a934ba

    SHA1

    4579a416dd24c3d1af3095115eaca21162f18ca0

    SHA256

    2f0438f30fe204d3171a843bd530d88aca24da1956f0fdc61c5b447bc7a72447

    SHA512

    a790dacb7743c6ac0dc8a1a551b5662e977440ee467b52b3149e890b433a0bcfa852a679e11f8896d6cf9ca807ba1184d3237d8f74ae85ec35d64171c77db212

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    288KB

    MD5

    9172b982c8914273e882affafdc88827

    SHA1

    0cfb9fbdc9dbe046ef1b436187c48971cd4f591b

    SHA256

    1108e7142cb17c3d7316433a318172ad3c77612a028f8de25c4787bf8fff2171

    SHA512

    62a8d9ebc90bca2e596ca78655c265525aeb9706bb4faeae9f7cd3c1fbced8819fa4bbe1d25111bacc949def355b4f99c09d9498b91405a8b9fc8483de8ebbb4

  • memory/1532-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1532-1602-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB