Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 11:47

General

  • Target

    37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe

  • Size

    47KB

  • MD5

    37d9fed2e1cca9ec35d35d8eeb26cc40

  • SHA1

    551baa7e0c03264ae04ba0006fc11c361ec95319

  • SHA256

    243d02490daa02f0746a2b6f2e0f4b95019b0a303ffa69a390644732524aab75

  • SHA512

    fa919e83ddeaa4f416a2b53e7b0b48e893ed4aa6e0296be3998e034496e278a3732135f2a5257a7f7e34714429588b6aebfc3fb4832be2bb9ae9f2b7970302d5

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNmIAAM9mSIEvd5BvhzaM9mS97L7mak:W7BlpppARFbhAzEXBww7L7I

Score
9/10

Malware Config

Signatures

  • Renames multiple (3752) files with added filename extension

    This suggests ransomware activity: the sample walks the file system and renames each file it touches by appending an extension, which is consistent with encrypting files across the system. The .tmp artifacts listed under Downloads (desktop.ini.tmp, Office64WW.xml.tmp) match this pattern.

  • Drops file in Program Files directory (64 IoCs)
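
The "renames multiple files with added filename extension" signature is the behaviour a defender most wants to catch on a live host, so here is an added detection example (not part of the sandbox report and not the sandbox's own rule). It consumes file-rename events, flags any process that renames at least a threshold number of files by appending a single extension, and ignores ordinary renames where the file stem changes. The event records, field names (`pid`, `image`, `old`, `new`) and threshold are constructed for the example; the two $Recycle.Bin and MSOCache paths mirror the artifacts listed under Downloads, the Program Files paths are made up.

```python
"""Flag processes that mass-rename files by appending an extension.

Added example, not part of the sandbox report. Event records are constructed
to resemble file-rename telemetry (e.g. Sysmon-style old/new path pairs);
the field names and the threshold are assumptions for the example.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# A real deployment tunes this per host; the report's 3752 renames is far above it.
RENAME_THRESHOLD = 5

# Image path of the sample as shown in the report's Processes section.
SAMPLE_IMAGE = (
    r"C:\Users\Admin\AppData\Local\Temp"
    r"\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe"
)


def appended_extension(old_path: str, new_path: str):
    """Return the extension appended to old_path to produce new_path, else None.

    'desktop.ini'  -> 'desktop.ini.tmp'   yields '.tmp'
    'report.docx'  -> 'report (1).docx'   yields None (stem changed, not appended)
    Paths in different directories are never treated as an append.
    """
    old = PureWindowsPath(old_path)
    new = PureWindowsPath(new_path)
    if old.parent != new.parent:          # PureWindowsPath compares case-insensitively
        return None
    if not new.name.startswith(old.name + "."):
        return None
    suffix = new.name[len(old.name):]      # e.g. ".tmp"
    # Require exactly one new dotted component after the original name.
    if suffix.count(".") != 1 or len(suffix) < 2:
        return None
    return suffix


def find_mass_renamers(events, threshold=RENAME_THRESHOLD):
    """Group appended-extension renames by (pid, image) and extension.

    Returns {(pid, image): {ext: count}} for every process that appended the
    same extension to at least `threshold` files; benign processes are absent.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for ev in events:
        ext = appended_extension(ev["old"], ev["new"])
        if ext is None:
            continue
        counts[(ev["pid"], ev["image"])][ext.lower()] += 1

    flagged = {}
    for key, by_ext in counts.items():
        hits = {ext: n for ext, n in by_ext.items() if n >= threshold}
        if hits:
            flagged[key] = hits
    return flagged


def _rename(pid, image, old, new):
    return {"pid": pid, "image": image, "old": old, "new": new}


# Constructed sample telemetry: six appended-extension renames by the sample,
# plus benign noise from explorer.exe and WINWORD.EXE that must not be flagged.
SAMPLE_EVENTS = [
    _rename(2180, SAMPLE_IMAGE,
            r"C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini",
            r"C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp"),
    _rename(2180, SAMPLE_IMAGE,
            r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
            r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    # The four Program Files paths below are made up for the example.
    _rename(2180, SAMPLE_IMAGE, r"C:\Program Files\Common Files\readme.txt",
            r"C:\Program Files\Common Files\readme.txt.tmp"),
    _rename(2180, SAMPLE_IMAGE, r"C:\Program Files\Common Files\config.xml",
            r"C:\Program Files\Common Files\config.xml.tmp"),
    _rename(2180, SAMPLE_IMAGE, r"C:\Program Files\Example\notes.rtf",
            r"C:\Program Files\Example\notes.rtf.tmp"),
    _rename(2180, SAMPLE_IMAGE, r"C:\Program Files\Example\data.csv",
            r"C:\Program Files\Example\data.csv.tmp"),
    # Benign: user renames a file (stem changes) -> not an append.
    _rename(1504, r"C:\Windows\explorer.exe",
            r"C:\Users\Admin\Desktop\New Text Document.txt",
            r"C:\Users\Admin\Desktop\notes.txt"),
    # Benign: a single .bak append stays below the threshold.
    _rename(1504, r"C:\Windows\explorer.exe",
            r"C:\Users\Admin\Desktop\notes.txt",
            r"C:\Users\Admin\Desktop\notes.txt.bak"),
    # Benign: Word's save-via-temp-file rename changes the stem entirely.
    _rename(2896, r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
            r"C:\Users\Admin\Documents\~WRD0001.tmp",
            r"C:\Users\Admin\Documents\report.docx"),
]


if __name__ == "__main__":
    for (pid, image), hits in find_mass_renamers(SAMPLE_EVENTS).items():
        print(f"PID {pid} {image}: appended {hits}")
```

Grouping by appended extension rather than by raw rename count is what separates this pattern from a bulk copy or an installer: ransomware adds one consistent extension, while legitimate tooling that renames many files usually changes stems or uses several suffixes. The parent-directory check keeps move operations out of the count.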

Processes

  • C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2180

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

    Filesize

    47KB

    MD5

    fb3c38344e811742395bde21f2fe7083

    SHA1

    d7707dbfd559b132d6991f15fb9ff5b6a4f9f474

    SHA256

    9ec198ebd91c6279840c6ff4e368ba030c4c4301b621cfb8e12f73ba09309816

    SHA512

    6268d6875b899fc24c3b6ce10b0f294fa75f41c96a06ab074bd3e53d03ed4557027810922d3c31dc8c14c065fd7ad64eca71e5b0458ebf2aa5741f94901012c5

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    56KB

    MD5

    48061ef11d79d25eb9509b62406ce950

    SHA1

    c97de0d56ac67dc6be4b05ab60fcc0c4d338904d

    SHA256

    3a0c03225397bc8b746d5805205014bf0a3e592ce02f63d064576ae848e6e13e

    SHA512

    7ffa7712ef366f2c4e2fd6705075a35dc468332b3222d5f92b04a81edb52733650e5e9b1b46f1e0d7b3ef92634982a1a05b80113ec5f3c439ba51f6cf0e075a9