Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 11:35

General

  • Target

    36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe

  • Size

    128KB

  • MD5

    36f92911e57b006807de506cbe2cfd40

  • SHA1

    bff3564968e71eb51748ab0802cdd9b85dc9d804

  • SHA256

    3a648ad9eb147c8f6278edd036b8595d7987b89ec74d75a6c58fc6a9944c615c

  • SHA512

    800a1c1b9527046747d544dc15732188a422a78593f601ab0fa759b77248dcadef0fb1ae0233493f14507c47d89e986b400f99bf0c3983271003712ec7210094

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IFqgnDfdPux8I20AoGL:fnyiQSohsUsWU9BK3FqgnDF2vIL

Score
9/10

Malware Config

Signatures

  • Renames multiple (3436) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2388

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

    Filesize

    128KB

    MD5

    f0085a05f74df3d6772fcc65d5a8ebd2

    SHA1

    4ab686f7d0f5c1f0da98ec5a3294de0cc22d5b8a

    SHA256

    fa62259b66fd24e221392a20b05a2c42048cd4d55120ebc2c84c1b03140e9e36

    SHA512

    6369fc1f76d1eb368f382e2067bceee0aef716d541310a91edcd739f5c6952b68ba3937781eecd12440a9afd3bd4b57236312883d9d6acbea945af6c976af3a7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    137KB

    MD5

    d0f6a53eff6e00b9060beca81aca171f

    SHA1

    5c2893d70c0f3fc6a63473f388e88c524cdf2356

    SHA256

    2f89367abcc8afeff88a008a08bc427eb50d5031201cd83c092e6080c59a8b72

    SHA512

    701095bf54963764a6eec78a21f987b3a9703e14a6fd8601353222ee8b2f78a2eeacde6f7b04f80e74153f7964d9cb13dd0317c33be9a69d7f0784d683e11c3b

  • memory/2388-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2388-650-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB