Analysis

  • max time kernel: 149s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 12-06-2024 12:58

General

  • Target: 3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe
  • Size: 58KB
  • MD5: 3c486b0bd2c230521b765c1a9dec85f0
  • SHA1: aacb222ead9f1103dcbd2dc17726a394966412a9
  • SHA256: 268bd15510e938a11ad408ceac7355b1733778e93868dad54c011420e08ead44
  • SHA512: 274b0786f6b53f45820c0f9f5b9aa069329626a6c95908d03481848e1bce940b1954486375f913711d53df8a95414aa35530626c2a9bf4d60ceacd227575d766
  • SSDEEP: 1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLK8:KQSohsUsUK8

Score
9/10

Signatures

  • Renames multiple (3743) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 1912

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp
    Filesize: 59KB
    MD5: 0123082d00abca67149df398df6ae90c
    SHA1: 7ce2ec42e315bc7cf263949773404e90d11cb04e
    SHA256: d4eb43fc6902eab82df4a49df0ebe80107aa6c0921944732d79763c636774036
    SHA512: 3595b53320c02e32ead2d11945f07da39d17052b4b60720f74d9ada255543ea9b1927dcea9b4b7508ef46bf61a475342e46bb9b04e77442f8a5e211290cc412b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 68KB
    MD5: ea5259754e04bfc5d5571d36143049cf
    SHA1: b6c24e9eb1bfd4d10ae352560ca769fad862edac
    SHA256: 89f2aec04a8e62b54e81632468491dc7fa74fd1d856de9ac30df4cdcc4869bb2
    SHA512: a6a8d0f5f3aae7a732fd1de67fe1ac1c337fbec538695fe20cbd6e7dac10d227eb70ba890d5df599c21bdc480559f00d54428d87a0cefe27235448189e672411

  • memory/1912-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1912-86-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB