Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 12:23

General

  • Target
    3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe
  • Size
    354KB
  • MD5
    3a309989a547dfd36a3211bbfbffedb0
  • SHA1
    26f09356e322f12a53bd9d6a9e2d181a4be60b83
  • SHA256
    76c8b7dbfd5247e59ba6039111db50dff96a977e9e9f557fcc6290e2cf677321
  • SHA512
    38767803e43d113b8b02d316aa50071a700b102fba7e1deef83f43981781066a535baa1b2681cd3a620a4c2e49285492d20cec4b08df9baf96741be4a2ee767f
  • SSDEEP
    6144:KiQSo1EZGtKgZGtK/CAIuZAIuMQSo1EZGtKgZGtK/CAIuZAIuj2x2O:VQtyZGtKgZGtK/CAIuZAIuMQtyZGtKgB

Score
9/10

Malware Config

Signatures

  • Renames multiple (4373) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3524

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
    Filesize: 354KB
    MD5: 0194d19eb3e375f95e4a483485872c59
    SHA1: 12e47096d57563ff60182d0c939ec691dbd11c63
    SHA256: 50f3995651b3638d3f1bce5f0bf94856804d765b7d6e5f446a2151cdd91fac7d
    SHA512: cc5c608a152e9ff17c55b8901cc28a0a412ed1cb49923bce184abdc17b15704cc5203f5019b931b0a04c5de4113acc4cfb16ade74421ab5bb129f92a7326d3fb

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 453KB
    MD5: 40075da22c294f39eab7e241fa6275cd
    SHA1: 51fa8acc1564e02674e2688608b804db50062705
    SHA256: dd9b51394df4c88f5b3769947cdb3204ee9395e1cdbd2bea64c226f542d5ac45
    SHA512: 24a35717a433f467d73a969d02cc64c297cd6c16b791eb3dcf60e79c15c517eb059a0114b46817063820fee532b4e4849d06adaf027bca3f54df1b2fdc231c93

  • memory/3524-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/3524-1436-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB