Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 11:57

General

  • Target

    38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    38b4f00f272ea45736d31741a3c95450

  • SHA1

    6988836cf9d5294ea45790bb9395e36c4a5223cf

  • SHA256

    215a4bbfd2fca313e53bd09f6a2f8e8da0451b97ebe3bdf822febb69d302b316

  • SHA512

    4a78058a4b48d5a29e748f34ef15716410d7da2ff637b6e7c6974d5a0927408ab9e768e70d0d28cb5ffead45cf8d02331441558bffc0fe866c7758e38f1e34f7

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzv:CTWn1++PJHJXA/OsIZfzc3/Q8zxV

Score
9/10

Malware Config

Signatures

  • Renames multiple (5279) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:3756

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    dec233fec93d9254d62618ace9e329fb

    SHA1

    ee58b33a2df859d9fd9a8fc016d5980e0e4a33f0

    SHA256

    80e407ca75707b5b9101ac804c9eee07c0f6def143c51312f8fd574dddd7af00

    SHA512

    378db26cbec7cad9a1d7604ee08b0acccd1df982454ccf5c5683bb8e5a7fbfa3000b97a56e3f798146466bdaeb3add02b2637b33c4ee7e1a0b769986059c24e5

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    145KB

    MD5

    c7a6998659791be110d1673c3eec5604

    SHA1

    2e60b5427e795ef90632758c879a31eb7b023899

    SHA256

    7406584f9f72f698c88772bd626b297b3cc38e06cce5e230b4ed202fb1487fd0

    SHA512

    ce9e4c75c10022df88a0c029758f4c1cf83dd76e6f3dc3b02989ad2bf3e989e7f677462fe4e70b91dc89020e86f531ef08fa9e9a13de071a2a801dac10608d4a

  • memory/3756-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3756-1214-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB