Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 11:40

General

  • Target

    3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe

  • Size

    89KB

  • MD5

    3762da172002e778d48ae8959a69d260

  • SHA1

    33cb5e6099880411b9e629e56cf88fa7171e1702

  • SHA256

    4410da8a6e92916727b79dd2629f5eb24b75604f7487bf2cfba981389be06fff

  • SHA512

    a613cc1490ab899de37c469bfc65c64e34a0ebcd1ed4f1b7415f312f93c5cfb6ea1dfcb50954292d63e820406e3854860bbd26027cce1f8f0b157ea7c8feb9d8

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tITcfNrRk7VP2DzpQAP2kTg:6e7WpP9oVLQthbYY9oVLQthbUrt7tIT1

Score
9/10

Malware Config

Signatures

  • Renames multiple (5196) files with an added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4776

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

    Filesize

    89KB

    MD5

    c101517e19b0ac8d05156012215b6d41

    SHA1

    e948c0c757c747f96a467337f154277d00bfce7f

    SHA256

    878caeffb03fcaa8a052d92ad2c5c004e5c92802e6edebbe5d39057cf2c6db82

    SHA512

    35b0eafd02365dd18f585eeee59d196e7b17b542c70a8db79dffa533e072e17b447a83341672e0f69c2e3ba5da5f9f5b229834579128d271a0e503cc16bdee80

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    188KB

    MD5

    a06d9266a98e3f5748eada3b708c1093

    SHA1

    671eba720e9683000fb5d6bb12a26a6b68a886d2

    SHA256

    fd815bba0d7fe320b82bf37d0926f7265c1ef378ddecd2d2226c62d3f85ad35d

    SHA512

    011e89138973a68e2808003633a4d406418e51d58ede0150e95d4f977323073bb229d7401e0bc5f0739dc72335ec05c7c9d63821c54d26a80be8b2b0bfe02eb3