Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 11:41

General

  • Target

    376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe

  • Size

    54KB

  • MD5

    376a999a90e1f8d1ba8528e8e8794fb0

  • SHA1

    0801f714cabf4ed1f3db6c45c938f4d30c08e95c

  • SHA256

    7ccbb21a7810fab28f670b813f5bb1a834acdc94cba5d2a66e445adf410a20f4

  • SHA512

    357333f3ab44fa471f06ebea008d8b7adb1ffc17279be0dc5a24dd3712c1eab40ced320484590d032c2966559511ddd9f6e20073c5de4d41dd1ffe35834ef9cd

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQQ:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8RYZ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3823) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1492

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

    Filesize

    54KB

    MD5

    7fc4b0edf955a42426c3d4086dac19cc

    SHA1

    28b775c33c7737865250accebfac1ea276bb6796

    SHA256

    67f14347c27a811053b1380dae8be4e11075a9db7da6ca5baf80647683007d20

    SHA512

    1509d19e6447cdfe5b55282f1030764f1ee0dbf5cfc7736a26605a99397b9c00754425802f60b81e28f3d1866089db58bdb9f7bb472ca781bac769d609ae72ee

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    63KB

    MD5

    dc4559d4ffbc481a067da39cc7107143

    SHA1

    589aca4cfe336fa3f927f88d0123bdb0b3950756

    SHA256

    b75edc612ae7b8651d572d86d141a3e2f8ba3b080c287b2c29ed00e8616c5a6a

    SHA512

    15f345d72e013c77af6729ab321365c29f46d9e3b4b8b8e59c2b449d7b5576a5f7f40b7f2b4371805eab7e21f1c005cb789f38e6a76a85cbf361063a83be9302

  • memory/1492-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1492-86-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB