Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240611-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12-06-2024 11:44

General

  • Target

    37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe

  • Size

    93KB

  • MD5

    37b65fd8da174505fe39a409a9760e80

  • SHA1

    f0ce29ec8192b5f25361fa836333e836456a0483

  • SHA256

    2a56914777cafc5db8a84ece39939e0cb01ac6147083e7046bd2c84effc51cdf

  • SHA512

    bdf4b48e915b1e074e0c63f89c6a3de803677305c1919c27d02e71b2296f6dcf29968160adbaa3fd9b95e8502b091599b38d4f9068aad4caa9042567ac122eb5

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaqvr:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXn

Score
9/10

Malware Config

Signatures

  • Renames multiple (5050) files with added filename extension

    This suggests ransomware activity, i.e. encryption of all files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 3052

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

    Filesize

    94KB

    MD5

    646ca042619bc3e3ceb54b704f775d31

    SHA1

    c32f9bad6432f71e83b791ae29fc0c140d79b81e

    SHA256

    39bf42e7912ae1280f81e1c5fbe2a23a0d87cf225cd876dbab12d52b9d8d96eb

    SHA512

    c98a07d262f8ff79474b42af25e53f6535d2d4155a498cf49f6db47fdd7c0f9dc499a1b8e77c33107ebc4325ab13d19e9e97889a63b0bbc5d9285540495633c5

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    192KB

    MD5

    a518e9cba0406df944c5cf5c33818718

    SHA1

    ff6e9a66be61cde0bdaef095d7d0ec48559dd233

    SHA256

    2de91d7fba0c8a1500612f2c7967d119aa67a38fd494b3f63bc957a983a9652a

    SHA512

    8986a15c7085f7b09315269843df1d7cd57efadd0e29de7862e34c5fe7ccb505c3163a685a5396cde7d678c296ff1663b8b49a6bbda7395b3fb4fa5010d57294