Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240611-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12-06-2024 12:58

General

  • Target

    3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe

  • Size

    58KB

  • MD5

    3c486b0bd2c230521b765c1a9dec85f0

  • SHA1

    aacb222ead9f1103dcbd2dc17726a394966412a9

  • SHA256

    268bd15510e938a11ad408ceac7355b1733778e93868dad54c011420e08ead44

  • SHA512

    274b0786f6b53f45820c0f9f5b9aa069329626a6c95908d03481848e1bce940b1954486375f913711d53df8a95414aa35530626c2a9bf4d60ceacd227575d766

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLK8:KQSohsUsUK8

Score
9/10

Malware Config

Signatures

  • Renames multiple (5037) files with added filename extension

    Renaming thousands of files by appending an extension to their existing names is characteristic of ransomware encrypting the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
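The mass-rename signature above is the single strongest indicator on this page (the score is 9/10 largely because of it). The following is an added example of how the same heuristic can be reproduced over file-rename telemetry, for instance Sysmon or EDR rename events exported as (pid, old path, new path) records. It is not sandbox code; the event records, the `.enc` extension and the PIDs other than 2728 are constructed for illustration, and the thresholds are assumptions to tune against your own baseline.

```python
"""Heuristic for 'renames multiple files with an added filename extension'.

Added example, not code from the sandbox. Input records are constructed.
"""
import ntpath  # handles Windows paths correctly regardless of host OS
from collections import Counter, defaultdict


def appended_extension(old_path, new_path):
    """Return the extension appended by a rename (e.g. '.tmp' for
    desktop.ini -> desktop.ini.tmp), or None if the rename is not of that
    form (different directory, different base name, nothing appended)."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if len(new_name) <= len(old_name):
        return None
    if not new_name.lower().startswith(old_name.lower()):
        return None
    ext = new_name[len(old_name):]
    return ext if ext.startswith(".") and len(ext) > 1 else None


def flag_mass_rename(events, threshold=50, min_dirs=3):
    """Group rename events by PID and flag any process that appended the same
    extension to at least `threshold` files spread over at least `min_dirs`
    directories. Both cutoffs are assumed values; a backup tool or an editor
    writing .bak files touches few files in few places and stays below them."""
    per_pid = defaultdict(lambda: {"exts": Counter(), "dirs": set()})
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        per_pid[pid]["exts"][ext.lower()] += 1
        per_pid[pid]["dirs"].add(ntpath.dirname(old).lower())

    findings = []
    for pid, rec in per_pid.items():
        ext, count = rec["exts"].most_common(1)[0]
        if count >= threshold and len(rec["dirs"]) >= min_dirs:
            findings.append({"pid": pid, "extension": ext,
                             "renamed": count, "dirs": len(rec["dirs"])})
    return findings


def build_sample_events():
    """Constructed telemetry: 60 renames by PID 2728 appending '.enc' across
    four directories, plus two benign renames by an unrelated PID 4100."""
    dirs = [r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures",
            r"C:\Program Files\7-Zip", r"C:\Users\Admin\Desktop"]
    events = []
    for i in range(60):
        old = ntpath.join(dirs[i % len(dirs)], f"file{i}.docx")
        events.append((2728, old, old + ".enc"))
    # benign: one backup copy and one ordinary rename, not an appended extension
    events.append((4100, r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.bak"))
    events.append((4100, r"C:\Users\Admin\draft.txt", r"C:\Users\Admin\final.txt"))
    return events


if __name__ == "__main__":
    for finding in flag_mass_rename(build_sample_events()):
        print(finding)
```

Counting distinct directories as well as files matters: an installer or an archiver can rename many files inside one tree, whereas the report's process touched the user profile, the Recycle Bin and Program Files at once.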

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2728

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

    Filesize

    59KB

    MD5

    9f9c245e0ccb68d56d0ac34daf26876e

    SHA1

    ecf4576488615c931ec6166f828b0b51054c8dcf

    SHA256

    df09e4edbf948f4d82bc703271560994b690c90b82108ab9d2453683ea2f8a3b

    SHA512

    2f828022f3328d8cab5dbee42234cd916561f298ab6c98c4181b374dfd6b07fa6800e8f0a70a197da6edc25d9745fd2101ca36719da1a11e1a1ce0ee096d9cb4

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    157KB

    MD5

    871acd5e897782359640aa4cb882071f

    SHA1

    f20cf9ac797542028e11c55a9ef5abe91f399470

    SHA256

    8645774ace845b893d7fc6b9318e294ceae3f8c8a522d9b76fd977cc051c20fc

    SHA512

    83a7575df15841542d136cc13c7b53bee36b1fb0bf575031159d56ea921e990e7ff05b03880af11ef0205a85ef14349073a80f2f16f340bcd2a60575af9a8885

  • memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2728-1086-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB