Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 11:58

General

  • Target

    38d05949a223256e15c434db01a99820_NeikiAnalytics.exe

  • Size

    373KB

  • MD5

    38d05949a223256e15c434db01a99820

  • SHA1

    27d7bff726d023e7b42c3cd72c728b3fb78ee6a5

  • SHA256

    d09ed05fa388078054dcbe95e5ab2848c6cd2150f102c001733cfb8144138a13

  • SHA512

    e12d20492c5002eedad0571b8d012df490e604617daf0b5ed64ac9031f5a56ef1de10e0ec94f35253bf343f6671d9ea0522e84dde28c881efa6dbd29004646c4

  • SSDEEP

    6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsV:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewd

Score
9/10

Malware Config

Signatures

  • Renames multiple (4362) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • Process 1: C:\Users\Admin\AppData\Local\Temp\38d05949a223256e15c434db01a99820_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\38d05949a223256e15c434db01a99820_NeikiAnalytics.exe"
    PID: 4000
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    373KB

    MD5

    ab5e54338ec3a5ff4217826619d1b213

    SHA1

    51272441ab14b9a09394c616b0b44f0930b7df99

    SHA256

    1f3688ba6c7d5e9041b9aa90b6fc4a106d7949554e9dc0314c14d6a1a776e407

    SHA512

    2706a3513aaf23b37ef39ec05d3b75b05efae99d0ba95b7d82819ce19a69dddd09307e63a7f22494c2c3ff9685451f8f96553fde26e5f76dd283167b7a131b6c

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    472KB

    MD5

    9756dd56a8647502e8af5225ea79f8e7

    SHA1

    ee127f209c05ca278bc4099282d352abc55b32e2

    SHA256

    c87d0cb9e5364cf51a3be1a0c96f6b1173c41d5aa0c746068985147155159b77

    SHA512

    2d2f4778c27bd84be1ed7f0d2a6bfa495faa55dcd0e489250b57d8c24bfb6ac15a26e11a6774e364a24cb066a2ba35fa4c7002c322e9b76c1f0f4a5852909bce