Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 11:53

General

  • Target

    3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    3860af987b6af9ccc546516ad39313f0

  • SHA1

    6813aac990c4779eefbd944f99427755bde6d135

  • SHA256

    db430c57d7285cf7f39b4246b47f385e565b5f94859bde11c2ab30ec31b1fcbf

  • SHA512

    cdbce4772d03d81307855f60dd26a8df949d97924450245967b2324d87f1d6d214e230f87038d375f54a8b69bff095cd373c69443ce2e0c055a34b443f9a933b

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNj:W7BlpppARFbhWJQix

Score
9/10

Malware Config

Signatures

  • Renames multiple (3772) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2932

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    effb0cc9470ad220ef78ddfe3473727c

    SHA1

    a202a16cdcc765c14a4229ed2ead733942178283

    SHA256

    dd8a7413f4d92bed19e70b0b3b7f8c474ede8c9d1c1cd6a175aba17009c1c65f

    SHA512

    e2f1b6c7a6fa0e6b002cd431646ca4a29afd9be78295629fc7fa082c8ce31f42425d161fba72cbe5db49d7afc04f75d8682ceec53f86487297201ace04fcb991

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    00fa73fc2f3f3c6c9d8a7040f22b861e

    SHA1

    b8516903cc5aab892559062ae0aa8d60c4d46fb1

    SHA256

    0e143a0da612e82d36345003548f5dee006bc8b1e6d53765d5c3e5f67b6026d2

    SHA512

    3e9f55377050f8907222296e3450148786e65928a8b4695a7dd069e44d4df6cd4ee803a280222b20720265f03b0529341b3ba166fa9db453a566c9ea4bd3a274