Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 12:05

General

  • Target

    394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    394bcf9d882a3033a05c141918bf6b30

  • SHA1

    8e4bcdc061becb7e96bc2d703262eef91dea5771

  • SHA256

    cf81fca239fbccfcac1cb95d68db3e8cb45ffaf627b0c00db702955a16fea02d

  • SHA512

    0e623739fa8062b02154b80b4f985b1210e73538a87acc324c1ac7086034f5645d1c0b000958b37b506d5cab6617ca250ff97924d8456dd61e913330c372f51b

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhP:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsG

Score
9/10

Malware Config

Signatures

  • Renames multiple (3612) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2176

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

    Filesize

    78KB

    MD5

    f35cf0aa46320cbb224adf11e2a75776

    SHA1

    28ac0508dff250182466848ac0232edce24307c4

    SHA256

    66deeb2936f2f365fe542dd9659c5faca669f4a5366e997655850283858cf367

    SHA512

    6182c59c833ad73c4dcb0ac76cdd581378d5d5d50cfc41fe30a471739cf8c30df46b6d2c38925ab1af8d0aace68a0a343e9bf725df8e79a07a1bf0ce8159f06d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    87KB

    MD5

    b678033e000a22488108c08ad788dc38

    SHA1

    ff1b115e47917bb3866205e897eeaedf6b8ed560

    SHA256

    5b6f513a6ea868412e64cbb1e8ac6b95ed281530ff1fdd00396744ac2b74f472

    SHA512

    c560c385d8b1c818b697b475a3d4cc96d69d49fe402a7e79dd095315ca424ce582e254eaa7f9c9e2e412520ad19840e67c1dedaca41273150fc06171c85e2613