Analysis

  • max time kernel: 149s
  • max time network: 119s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 12-06-2024 11:58

General

  • Target: 38d05949a223256e15c434db01a99820_NeikiAnalytics.exe
  • Size: 373KB
  • MD5: 38d05949a223256e15c434db01a99820
  • SHA1: 27d7bff726d023e7b42c3cd72c728b3fb78ee6a5
  • SHA256: d09ed05fa388078054dcbe95e5ab2848c6cd2150f102c001733cfb8144138a13
  • SHA512: e12d20492c5002eedad0571b8d012df490e604617daf0b5ed64ac9031f5a56ef1de10e0ec94f35253bf343f6671d9ea0522e84dde28c881efa6dbd29004646c4
  • SSDEEP: 6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsV:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewd

Score: 9/10

Malware Config

Signatures

  • Renames multiple (2689) files with an added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\38d05949a223256e15c434db01a99820_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\38d05949a223256e15c434db01a99820_NeikiAnalytics.exe"
    Process tree depth: 1
    • Drops file in Program Files directory
    PID: 2348

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
    Filesize: 373KB
    MD5: b2306e172c650ffdf83d10221a94c850
    SHA1: 925af3ece902e25572973ec0709f7743b01e88c7
    SHA256: 8fc333e837f4a9527a6ebdc44b4d36315945187b999dfd0e95b24f6843e93d1a
    SHA512: 3314e249f3acef09a4c468878665b0f752f10f61a7e6269519e4771b20c42d390cab730ea0460c2bb1f48409fbcff3984a523576015a01b1b7afdf81442fe087

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 382KB
    MD5: 81b00b3c36f7fb75eedeece92beaff86
    SHA1: 279161be603fa793a58dfcb44564bec8c736bf84
    SHA256: 03e7a7dd76327e8ffe54b272e1f2301c90cfcf3a5a7315f126e7fd84fce950b8
    SHA512: 68e9af34ed912304308c2c0cba4b2f807405b391500494803a9dc7e93aa89d6b48566c20e8bf8d8d1d5c9efa1b67e526478b8c568bf1b472bd8e6f9c5c115faf