Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 12:01

General

  • Target

    3902bb4ef3169571b8f38528ce333490_NeikiAnalytics.exe

  • Size

    147KB

  • MD5

    3902bb4ef3169571b8f38528ce333490

  • SHA1

    c76b0ecb934330b8d0abafa47f906c3fa33d5f92

  • SHA256

    c46a88b64c78c3fd10bfb3da78a8acf4804ddf399ce88b61beaf22b527482c64

  • SHA512

    8d40f59a0a235417d6b747f3e19f422eeaf8d18d2463a1fcea8543e3fcb09f5b6551e2112b92223bff5da5e00c589c8ff9ca994c1e0e3712a12f4194a25e11c9

  • SSDEEP

    3072:fnymCAIuZAIuYSMjoqtMHfhflixiiJYoAJYod:KmCAIuZAIuDMVtM/wJYoAJYod

Score
9/10

Malware Config

Signatures

  • Renames multiple (3438) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3902bb4ef3169571b8f38528ce333490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3902bb4ef3169571b8f38528ce333490_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2928

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

    Filesize

    147KB

    MD5

    e04ff2366c9bb560bbd78178a1f14c5e

    SHA1

    c320745a12fb1a1ca919d5902661c92ba3aa7976

    SHA256

    58aacbe8454f5f4ba4c90f7dbe196806725875db53cc59e499b62c3a774e31ae

    SHA512

    cef1fd100a66610b390bc721f6c6442f3e8b90981b30c985561fcf858a5e8a7a650a5c586ae2ff43a1fc304be5cb1c8ed72b76bf32b4c1f3c4e2756c61a7eeca

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    156KB

    MD5

    4938cba26541186a8bfcc6c5a3aca734

    SHA1

    430e3a41cff814dc43d883d5a613b8ee6e06352c

    SHA256

    129826a563cca589606384fb650a9e50932b45a135bdb2469858faa3ac7fd023

    SHA512

    6a6e7129cc4d297423e16eafaf2a39a0c270b14adda50d21c663d2d28f9090f5e2dde0d6734b8c416e88970990b1aee6d07294931fe2b39c8ecc553903738892

  • memory/2928-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2928-536-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB