Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 11:59

General

  • Target

    38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe

  • Size

    87KB

  • MD5

    38d6bcab6dec1fa22c52b26cacfc51a0

  • SHA1

    047b432af808bbb602829e64d9b051274262fe78

  • SHA256

    6849be6c15cc526cadb7dd55cbd72993b357faef5c03fafe3252f9c4219c432b

  • SHA512

    91e41520ef672278545b8b1c51447542a46f15fd3ba3570d9060c4bf2eeafd01afed24356a06017158b5e6621da43ed28758db7a85843ab881b93f78101ea7b0

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76RbUkP:6e7WpP9oVLQthbYY9oVLQthbUv1kP

Score
9/10

Malware Config

Signatures

  • Renames multiple (5200) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe"
    Process tree depth: 1
    • Drops file in Program Files directory
    PID: 4608

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

    Filesize

    88KB

    MD5

    134451ff98dac1447e5d0404e319026c

    SHA1

    4852c2b79b943fc04b07504fd9fcdf420e8e0b6a

    SHA256

    810e341fa1dae38add0169e77ccd01015af9dac87bbdaebd2c9d707a8bb11b25

    SHA512

    b30ac5adf4cbfd061896039cb56b3682b231274cb583988aa722d2f4a6278c074528d253e74cdd9a668cb8dabb2633f73e277caf008b9d089ab6483cf5728cc2

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    186KB

    MD5

    f8f96680defd4966ec8e63032a9f2a77

    SHA1

    b05a7cd3449bd3208602bc1f073880ca4c6cfb9d

    SHA256

    0d974da710b9ac3111ab5502d0039cea6b68ac21b2cd93696a1c41b1106d51c2

    SHA512

    a004f9decd80fde55289da89ed25349d2e3fd318a9c3dc10b26b4925a06759a7335f6d899d9fb5d6689f044f51063b368cb2728d60b5c948d0c8302d8cb49d37