Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 12:01

General

  • Target

    3902bb4ef3169571b8f38528ce333490_NeikiAnalytics.exe

  • Size

    147KB

  • MD5

    3902bb4ef3169571b8f38528ce333490

  • SHA1

    c76b0ecb934330b8d0abafa47f906c3fa33d5f92

  • SHA256

    c46a88b64c78c3fd10bfb3da78a8acf4804ddf399ce88b61beaf22b527482c64

  • SHA512

    8d40f59a0a235417d6b747f3e19f422eeaf8d18d2463a1fcea8543e3fcb09f5b6551e2112b92223bff5da5e00c589c8ff9ca994c1e0e3712a12f4194a25e11c9

  • SSDEEP

    3072:fnymCAIuZAIuYSMjoqtMHfhflixiiJYoAJYod:KmCAIuZAIuDMVtM/wJYoAJYod

Score
9/10

Malware Config

Signatures

  • Renames multiple (5019) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3902bb4ef3169571b8f38528ce333490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3902bb4ef3169571b8f38528ce333490_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:224
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3452,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
    1⤵
      PID:5088

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

      Filesize

      147KB

      MD5

      7e20c0060445722602be9724ec2ba914

      SHA1

      916f1fddbe600e1bca5b5aa27fe38ace48c38065

      SHA256

      43e4cadb3147cbe5b262566448ca7105cc9c9af10b0e6d4956f9a43b1028d6fc

      SHA512

      09400172346ec57ffd8dceb3e418dc8998f31f0bd7a0765eee27ba9d805681b869d05a8bcad5e215b46f8e8e3739457273733a587f7e8ecbd75016566e9fe835

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      260KB

      MD5

      cc8f1a0af5bfdb7c8668f83ec8534cf1

      SHA1

      29b9707d3453adbdfac49ba4893668816230b8c5

      SHA256

      67cb8e4e16636549dd7eece77bb179a0961a220845fbb43c2b796b47afc3d435

      SHA512

      6010bc6066d60643e5a597e082aaea7b89e9861884c9d5257ab627e14d37bc384763dbf2242a51e7956d970adec69d2704ab78e2147de8359c1f6abe9dfc4bbf

    • memory/224-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/224-1790-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB