Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 11:57

General

  • Target

    38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    38b4f00f272ea45736d31741a3c95450

  • SHA1

    6988836cf9d5294ea45790bb9395e36c4a5223cf

  • SHA256

    215a4bbfd2fca313e53bd09f6a2f8e8da0451b97ebe3bdf822febb69d302b316

  • SHA512

    4a78058a4b48d5a29e748f34ef15716410d7da2ff637b6e7c6974d5a0927408ab9e768e70d0d28cb5ffead45cf8d02331441558bffc0fe866c7758e38f1e34f7

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzv:CTWn1++PJHJXA/OsIZfzc3/Q8zxV

Score
9/10

Malware Config

Signatures

  • Renames multiple (3745) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe"
    Tree depth: 1
    • Drops file in Program Files directory
    PID: 1720

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    424a354956efe46f5238901ad2777f43

    SHA1

    75d244640a2fdc144af547274ac3fdca1d0c5306

    SHA256

    75869a4bbfe0ec7cc932c1922295546f285994763fe95ea009221c1644ea7ed0

    SHA512

    8d47f5dc6f90d7c0ab405212dd482236ace9d70d4107eae34291585fef8afc9a004295a33d485f699303fe3390b4503e5e23564eac75e6d66f1d762ad494c2f9

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    deb02d006ed24c1c243cc7f6d793e84d

    SHA1

    659f7eab152d0659ae122cfc3c2d94a88097ac9c

    SHA256

    7af674835f23130b8488ece8f7dd94f2cb71c67c1c8ff7c875445738fadfbac5

    SHA512

    768b3a2cc926cb903da2fbb57dee13956cfe12649eaf90785f3202fe662502dacd81c686665581e1f9a6e0db2a9f046aa1eecae5259f308064d569ce8a544eb4

  • memory/1720-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1720-76-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB