Overview

overview

9

Static

static

7

17803e2a7d...cs.exe

windows7-x64

9

17803e2a7d...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 02:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    17803e2a7d3081a37d262d11f37f1df0_NeikiAnalytics.exe

  • Size

    62KB

  • MD5

    17803e2a7d3081a37d262d11f37f1df0

  • SHA1

    ac37da6cb947ee24a9f80f04e16833cd2e13eae9

  • SHA256

    8fdae34304fe2cffa9ea39a47443a6cdac917d108338f2493a61466d7e1a3da6

  • SHA512

    f347cd3affeba359dcddaeab192fd101b4af0bc1b36e9276860dc97e5365344266529222ec9825b6dacf0cfbb1ed1af5d1ef98c2ba7bb8e5a80a81a98664f865

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97ns1o8k1o82cqGicqGR:KQSohsUsxe+erZs1o8k1o8FZR

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5297) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17803e2a7d3081a37d262d11f37f1df0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17803e2a7d3081a37d262d11f37f1df0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3172

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
          Filesize

          63KB

          MD5

          976a667a5fa2f43553710f433fbe9167

          SHA1

          80323a7298bf408509be6de4e2cb6ae9f6c6bf01

          SHA256

          1dc9f90da76e0cf67440b096e6d762af0fd31abdf8e123903b068ddf0297e115

          SHA512

          ef7ec3263b755e2f71e86df71d8e5d68adfd40b58c8a01c8ea6c54073e6bf30e0fbcf5522796ae2aad923217e45fbdb224aeed9f53d8be6a5b1d57557eb4c272

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          161KB

          MD5

          d1cbe37655b18e633874820851814cdc

          SHA1

          62892e8d90f2f790936f6b6b7f96f4bb006670e4

          SHA256

          928cce1bdf818ed2c2b80bda1b76762be2b653b576a8325938818d7f020dcc6a

          SHA512

          0c174d5375ea40003dcd994c7bac2571cb6fdc54c8504db5e875171d8a5bb7071c32e6d5fa4dfa5d4dc751080269589d8319eb8274ddf62ae352b39ec99be687

          Download Submit

        • memory/3172-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3172-1214-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download