Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 01:25

General

  • Target

    228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe

  • Size

    50KB

  • MD5

    228d68ede681b88ced45a5aa80f9bc70

  • SHA1

    b63b965e942e3c5a455ae63c62907c749e539452

  • SHA256

    94aa84f8868c55d951e21781e20850ca58f305b1fc5ac7297bd6e37625066b76

  • SHA512

    dda89ecd913a62add29c4aa787aeedd7bec6bd7fde497009436fac69fa490434a7d70807835ba7fab497b5c501dcbf60cba3db67973fe428c8b4b25aa1e97875

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcH:/7ZQpApze+eJfFpsJOfFpsJq

Score
9/10

Malware Config

Signatures

  • Renames multiple (3739) files with added filename extension

    Renaming 3739 files by appending an extension during a single run is characteristic of ransomware encrypting files across the system; the dropped files listed below (desktop.ini.tmp, Office64WW.xml.tmp) show the appended suffix observed here.

  • Drops file in Program Files directory (64 IoCs)
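The rename signature above is essentially a rate-and-spread heuristic over file-system rename events. The following is an added example of that detection logic, not code from the sandbox or the report: it groups rename events by the extension they append to the original name and flags an extension once it has been appended to many distinct files across several top-level directories. The event list is constructed for illustration (it includes the two paths from this report plus synthetic renames), and the thresholds are assumptions.

```python
"""Heuristic for "renames multiple files with added filename extension".

Added example; the sample events and thresholds are constructed, not
taken from the sandbox.  PureWindowsPath is used so the C:\\ paths parse
correctly on any host operating system."""
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Dict, Iterable, Optional, Set, Tuple


def appended_extension(old: str, new: str) -> Optional[str]:
    """Return the extension (without the dot) that `new` appends to `old`,
    or None when the rename is not  <name> -> <name>.<ext>  within the
    same directory.  Stripping an extension (browser .crdownload -> final)
    or renaming to an unrelated name therefore does not count."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent:
        return None
    if n.name.startswith(o.name + ".") and len(n.name) > len(o.name) + 1:
        return n.name[len(o.name) + 1:]
    return None


def top_level_dir(path: str) -> str:
    """'C:\\Users\\Admin\\x' -> 'Users' (first component after the drive)."""
    parts = PureWindowsPath(path).parts
    return parts[1] if len(parts) > 1 else parts[0]


def summarize_renames(events: Iterable[Tuple[str, str]],
                      min_files: int = 50,
                      min_dirs: int = 2) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Group rename events by appended extension.

    Returns (counts, flagged): counts maps extension -> distinct renamed
    files; flagged is the subset crossing both thresholds: many files AND
    spread over several top-level directories.  A build tool renaming its
    own outputs to .bak inside one directory stays below min_dirs."""
    files: Dict[str, Set[str]] = defaultdict(set)
    dirs: Dict[str, Set[str]] = defaultdict(set)
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        files[ext].add(new.lower())
        dirs[ext].add(top_level_dir(new).lower())
    counts = {ext: len(s) for ext, s in files.items()}
    flagged = {ext: c for ext, c in counts.items()
               if c >= min_files and len(dirs[ext]) >= min_dirs}
    return counts, flagged


# Constructed sample: the two paths from the report, three benign renames,
# 60 single-directory .bak renames, and 60 cross-directory .tmp renames.
SAMPLE_EVENTS = [
    (r"C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp"),
    (r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
     r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    (r"C:\Users\Admin\Downloads\report.pdf.crdownload", r"C:\Users\Admin\Downloads\report.pdf"),
    (r"C:\Users\Admin\Documents\draft.docx", r"C:\Users\Admin\Documents\final.docx"),
    (r"C:\Users\Admin\Documents\a.txt", r"C:\Users\Admin\Pictures\a.txt.tmp"),
] + [(rf"C:\Temp\build\obj{i}.o", rf"C:\Temp\build\obj{i}.o.bak") for i in range(60)] \
  + [(rf"C:\Users\Admin\Documents\file{i}.docx", rf"C:\Users\Admin\Documents\file{i}.docx.tmp") for i in range(30)] \
  + [(rf"C:\Program Files\App\data{i}.xml", rf"C:\Program Files\App\data{i}.xml.tmp") for i in range(30)]


def run_sample() -> Dict[str, int]:
    """Apply the heuristic to the constructed events; only '.tmp' is flagged."""
    return summarize_renames(SAMPLE_EVENTS)[1]


if __name__ == "__main__":
    counts, flagged = summarize_renames(SAMPLE_EVENTS)
    print("renames by appended extension:", counts)
    print("flagged as ransomware-like:", flagged)
```

The two thresholds are deliberately independent: a count alone fires on installers and build tools that back up their own files, while the spread across top-level directories (Users, Program Files, MSOCache, the Recycle Bin in this report) is what distinguishes system-wide encryption. In a real pipeline the events would come from an ETW/Sysmon file-rename feed rather than a list.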

Processes

  • C:\Users\Admin\AppData\Local\Temp\228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe"
    Process 1 (root of the process tree)
    • Drops file in Program Files directory
    PID:2188

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

    Filesize

    50KB

    MD5

    9ec9c091427b152ce6eba6fb03cf9bd3

    SHA1

    d6f715802bac9418d604723e90ad50395e510dfe

    SHA256

    88358723b2b732399bf59fd509eacff68890085c8407042c0251cf7dd6b21163

    SHA512

    0b1ff14b9f879e4ae46e553566e5cf3b06a5d59034787da7289acfa8e2765f4cac17837b00d452031d190385782ad2a55e5251b7fa0d71a73ec5670340a4f26f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    59KB

    MD5

    94a9b9f01eed2a4a7ee1c8a79eb68b00

    SHA1

    0e08d38c4ab0a907cf5ac48b8a0b6914f70d45ed

    SHA256

    ac60665ab282ef9e6a6709b30491f964644e26cbb4f37fcde3df4a53280023fd

    SHA512

    a09fb8274e7365029ed0849eb114aebbccb80151a836b99702c60d6e02334a91e5e47d79a28f081645d97d9469ca9553bd3fd3ea83961c75c38ebdc7ea60a530

  • memory/2188-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2188-648-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB