Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 11:59

General

  • Target
    38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe
  • Size
    87KB
  • MD5
    38d6bcab6dec1fa22c52b26cacfc51a0
  • SHA1
    047b432af808bbb602829e64d9b051274262fe78
  • SHA256
    6849be6c15cc526cadb7dd55cbd72993b357faef5c03fafe3252f9c4219c432b
  • SHA512
    91e41520ef672278545b8b1c51447542a46f15fd3ba3570d9060c4bf2eeafd01afed24356a06017158b5e6621da43ed28758db7a85843ab881b93f78101ea7b0
  • SSDEEP
    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76RbUkP:6e7WpP9oVLQthbYY9oVLQthbUv1kP

Score
9/10

Malware Config

Signatures

  • Renames multiple (3562) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 1996

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
    Filesize: 88KB
    MD5: c670207f655a148576a5c2cc1dab12f0
    SHA1: 819d3cd2ab40f45e22f229fc78c23ef5509deb02
    SHA256: 60a6e1ebda7509b88f9d19ae3a5309ca2c8a0cd8fecf990472e9e0c0760133bc
    SHA512: 3635b50e1b8f02b69e07c63063866a759ad583689cbb3e71c56c9c22d797d3588c7d9d07007545d30a01aec5eac31a78535d21df8c0227234a6aaf962ea37406

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 97KB
    MD5: 708082888db79a9d050484f03e3e9cc8
    SHA1: 26b987fd277e3ffaf59f6fc0cb1b90210ac25dea
    SHA256: 061ab97813a54eb30965884f5da36018f86268daa96c98d4b2d7f32310625c25
    SHA512: cd856e5d9b1131e3bd639ca689f1f481e089a90b0bdb159e7727016c1121a0732f596f4282fd67c369447000acaaffc2445d06008a73c8234a824d9e9360c10c