Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 11:56

General

  • Target
    389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe
  • Size
    85KB
  • MD5
    389a1e6b4c0167a1cc9169ad5a8e7ff0
  • SHA1
    c557a5cd0087c08846f31ea9013a67fc30381f80
  • SHA256
    36fe7f45211e220a4d5bc40b020c368da3cfd673ac32d566e2126f1ea9927597
  • SHA512
    c67579ca2d9911128d4279273bd4985654fa56d0761430893590ebb62ec9937e35efe15b993c3e1ed0864f5703d43f0fad018092427fe7601d4f14435762896b
  • SSDEEP
    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IZZG:fnyiQSohsUsWU9BK3K

Score
9/10

Malware Config

Signatures

  • Renames multiple (5180) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 1932

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize
    85KB
    MD5
    cc3bf032bb034893dedf647f1c703aa6
    SHA1
    a372d38423762bc51fa87552ce1c88bcfb27e4d8
    SHA256
    d7e4dc20263414b76c2d08180be2b71422ec13c87cb9da5e413fb6a93654604c
    SHA512
    9b443e2e3b244ea33270f9f6d74473ad6d88bb5ad2e9b4627b0539a4153be4f0804cfd28775d068905f6eed39bb24a41917179e7b003cc78a71b6ed4eb479226

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    184KB
    MD5
    f3af2bfee4f0f5df397479e533cb48f5
    SHA1
    59aaef4817e9e1bb4c3da92b74e40984710ae17d
    SHA256
    91363b6e860b3d17bd41c490e75d9ac8a0930a0b3c652edf9325eb4cd410e50d
    SHA512
    09d228c0f3415b9720c7f634b8f433385b084f0af30b3d89cde4945099d2ef9dd5e3b25fd45d180b27655947b41486163cccdf9822a2e9cad3c4864db76eef77

  • memory/1932-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/1932-1924-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB