Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 01:25

General

  • Target

    228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe

  • Size

    50KB

  • MD5

    228d68ede681b88ced45a5aa80f9bc70

  • SHA1

    b63b965e942e3c5a455ae63c62907c749e539452

  • SHA256

    94aa84f8868c55d951e21781e20850ca58f305b1fc5ac7297bd6e37625066b76

  • SHA512

    dda89ecd913a62add29c4aa787aeedd7bec6bd7fde497009436fac69fa490434a7d70807835ba7fab497b5c501dcbf60cba3db67973fe428c8b4b25aa1e97875

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcH:/7ZQpApze+eJfFpsJOfFpsJq

Score
9/10

Malware Config

Signatures

  • Renames multiple (5192) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 4428

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

    Filesize

    50KB

    MD5

    db5a59472ddcdc3ef6da80e2db4ec7be

    SHA1

    c10f1a05dc421eb5434c70b9080c2836356e0367

    SHA256

    94f8d9149a1e1418e38b135a41b403c2fe2a89fa9d678dacd4446b4246c0b5ec

    SHA512

    c9674c464f3d0fffd33b80faf01db6de6758b84e05c56eb6951566201b0456d7e43b5cb9a08838252809162e5de70abe47cb9a40ae52190b1b5b9e062ff01f81

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    149KB

    MD5

    2c401d3231d91f0bbd2f4be36bf30173

    SHA1

    1c1b0db09b3b8523c2bb892ab1d3ff621f28ca20

    SHA256

    dcebd279fbd4eed2677a588e5ff2cc96206566f9a14548091af40b3b02c16b68

    SHA512

    5375411ddf4116df1289f14053c82736d388cb57f00e7bff19351ca1e459c676a5a6ddebffa86b24ae3c01919f035dbb00ed75323a8826b21c71a369561c6c02

  • memory/4428-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4428-1948-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB