Analysis

  • max time kernel: 150s
  • max time network: 124s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12-06-2024 11:47

General

  • Target: 37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe
  • Size: 47KB
  • MD5: 37d9fed2e1cca9ec35d35d8eeb26cc40
  • SHA1: 551baa7e0c03264ae04ba0006fc11c361ec95319
  • SHA256: 243d02490daa02f0746a2b6f2e0f4b95019b0a303ffa69a390644732524aab75
  • SHA512: fa919e83ddeaa4f416a2b53e7b0b48e893ed4aa6e0296be3998e034496e278a3732135f2a5257a7f7e34714429588b6aebfc3fb4832be2bb9ae9f2b7970302d5
  • SSDEEP: 384:GBt7Br5xjL9AgA71FbhvuNBNmIAAM9mSIEvd5BvhzaM9mS97L7mak:W7BlpppARFbhAzEXBww7L7I

Score
9/10

Malware Config

Signatures

  • Renames multiple (5072) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 5036

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp
    Filesize: 47KB
    MD5: 43c5e603b67e83fcc76cc649d1f5f9b5
    SHA1: c33af2af741f19806b58bf4b2f45bcbf03a3fc48
    SHA256: 45a93cdad7cee11aa7067333133f49f434729294f5f6c4857ec08cef97f63a78
    SHA512: 8e42f906a1d5402d510891b1142892b19dc0b3676f638736334fc51f02f4fc40debd0d72b06a3c327d4e0efac854e48f9662a0a0448f8f9f1f10850fc2bb91cd

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 146KB
    MD5: eb3ae1a14d9497f34c67d364b096753c
    SHA1: b440e40a7f014ace74bc274555439dd3408ec7af
    SHA256: 0d3bb60bc36cb800e295ad0b76849514a3065276ef4a0cb2a23ad0a1d22ca77c
    SHA512: dfec03500e0e6a417179f391196a296180adc023db1bca174f4dda2896a5252f369536d05734d575de6b42be4eb8ac2b88dcf4e13ebe3e279bbe9e0c3e0304a0