Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 12:18

General

  • Target

    39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe

  • Size

    316KB

  • MD5

    39d60a42b89b07b7b240f8e1888da680

  • SHA1

    a8c1858e89a40264f051458256fe12fb8f8cc827

  • SHA256

    9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19

  • SHA512

    e9eab67608172d16acb02c8531d183e58eda661762cd717b8b676446a3f86109c757281ab7e977b6e777b301624850df084e51631fb3bbffb51adab044464d59

  • SSDEEP

    6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vt7:3PxPir9RyiIuGcKbpaSL4vt7

Score
9/10

Malware Config

Signatures

  • Renames multiple (4636) files with added filename extension

    Renaming thousands of files by appending a new extension is characteristic of ransomware encrypting files across the system.

  • Drops file in Program Files directory (64 IoCs)
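The two signatures above are both derivable from file-system telemetry: a single process renaming many files to `<original name>.<ext>`, and the same process writing into Program Files (the `.tmp` files listed under Downloads, such as `C:\Program Files\7-Zip\7-zip.dll.tmp`, are examples of the latter). The script below is an added example, not the sandbox's own signature logic; it runs over a constructed event list that mimics PID 1416 from this report. The `.locked` extension, the victim paths, the per-process threshold of 100 renames and the `.tmp` staging counter are assumptions, since the report does not state which extension the sample appends.

```python
"""Reproduce the report's two signatures from a stream of file events.
Added example; the events below are constructed, not sandbox output."""
import collections
from typing import Dict, Iterable, List, NamedTuple, Optional


class FileEvent(NamedTuple):
    pid: int
    op: str                    # "create", "write" or "rename"
    path: str
    new_path: Optional[str] = None   # only set for "rename"


class Verdict(NamedTuple):
    renames: int                     # renames that appended an extension
    extensions: Dict[str, int]       # appended extension -> count
    tmp_staged: int                  # writes to *.tmp (staging copies)
    program_files_drops: int         # writes under C:\Program Files*


def appended_extension(old: str, new: str) -> Optional[str]:
    """Return the extension appended to `old` to produce `new`, else None.

    Accepts only new == old + ".<ext>" where <ext> is non-empty and
    contains no path separator, so a move into a subdirectory is not
    mistaken for an added extension.
    """
    if not new.startswith(old):
        return None
    tail = new[len(old):]
    if len(tail) < 2 or tail[0] != "." or "\\" in tail or "/" in tail:
        return None
    return tail


def is_program_files_drop(path: str) -> bool:
    p = path.lower()
    return p.startswith("c:\\program files\\") or p.startswith("c:\\program files (x86)\\")


def analyse(events: Iterable[FileEvent]) -> Dict[int, Verdict]:
    """Aggregate per-process counters for the two behaviours."""
    renames: collections.Counter = collections.Counter()
    exts = collections.defaultdict(collections.Counter)
    tmp: collections.Counter = collections.Counter()
    pf: collections.Counter = collections.Counter()
    for e in events:
        if e.op == "rename" and e.new_path:
            ext = appended_extension(e.path, e.new_path)
            if ext:
                renames[e.pid] += 1
                exts[e.pid][ext] += 1
        elif e.op in ("create", "write"):
            if e.path.lower().endswith(".tmp"):
                tmp[e.pid] += 1
            if is_program_files_drop(e.path):
                pf[e.pid] += 1
    pids = set(renames) | set(tmp) | set(pf)
    return {p: Verdict(renames[p], dict(exts[p]), tmp[p], pf[p]) for p in pids}


def flagged(verdicts: Dict[int, Verdict], threshold: int = 100) -> List[int]:
    """PIDs whose added-extension rename count reaches the threshold (assumed 100)."""
    return sorted(p for p, v in verdicts.items() if v.renames >= threshold)


def constructed_events() -> List[FileEvent]:
    """Constructed sample. PID 1416 mirrors the single process in the report;
    the paths, the '.locked' extension and the counts are assumptions."""
    ev: List[FileEvent] = []
    victim_dirs = ["C:\\Users\\Admin\\Documents\\", "C:\\Program Files\\7-Zip\\"]
    for i in range(150):
        src = f"{victim_dirs[i % 2]}doc{i}.txt"
        ev.append(FileEvent(1416, "write", src + ".tmp"))            # staged copy
        ev.append(FileEvent(1416, "rename", src, src + ".locked"))   # extension appended
    # Benign noise: an installer renaming a handful of its own files.
    for i in range(3):
        src = f"C:\\Users\\Admin\\Downloads\\setup{i}.part"
        ev.append(FileEvent(2000, "rename", src, src + ".done"))
    return ev


if __name__ == "__main__":
    verdicts = analyse(constructed_events())
    for pid, v in sorted(verdicts.items()):
        print(pid, v)
    print("flagged:", flagged(verdicts))
```

On a live system the event stream would come from Sysmon (Event ID 11 for file creates) or an EDR's file-rename telemetry; the threshold is the only tunable, and 4636 renames from one PID, as in this run, clears any sensible value by a wide margin.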

Processes

  • C:\Users\Admin\AppData\Local\Temp\39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1416

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

    Filesize

    317KB

    MD5

    750c6c6d0852561354443a9a71ecc432

    SHA1

    7d7ae70a1da2a00f97d9088b9f7e02fff308e94d

    SHA256

    9a390f7b2d3f83e0ea7d1235e6c73f3e9dc4d7fdabc5e40a71d568864d241d62

    SHA512

    0e84f9d25be17f52051061f581dc944923446af77d6e445400444b5aec0b5ecee63c0ad243faec8fcf0b5386590ebab9edbcab4f4ea65b3fcf65174e14fdca89

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    416KB

    MD5

    7061d979f811234101d7c0a0e8440d1e

    SHA1

    cccf09e8e7228068d3cd13f80ca259ded1cb8284

    SHA256

    240d58f38554ab89e47b2a4bb1e283b2344f5a10c39dac68650e0ac1c9659e78

    SHA512

    c0492c78833026cb5bab4afac627f297c0e36fa94132135d3012e6f5bc1df42f1f60f7a50edc40b0cd884d3fa835523dcd3d12596d7b6766cb83c5d7c7bbfe9b