Analysis

  • max time kernel: 150s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 12-06-2024 13:48

General

  • Target: 3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe
  • Size: 41KB
  • MD5: 3f5a70b03c7345a7f3650433d0e0fe10
  • SHA1: 969ae5bf867daf47697416ef9b69139c2aa2cf6d
  • SHA256: 588d70e082058cfcb79b1ec14c868af9096d2d3d82baa215e328559f4b9b227a
  • SHA512: 753f0d88f28a3b0701837860a5305c88668b5eecf12c92efa152c3cda06cfde003d45eeb39e9339abbf53e46dc58780660bc76c589808e53a6a7b2ff1679b445
  • SSDEEP: 384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHslM:W7BlpNLpARFbhblkYlkuvIYFdu

Score
9/10

Malware Config

Signatures

  • Renames multiple (4071) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe"
    PID: 1740
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
    Filesize: 42KB
    MD5: 41258d921727a2de779050df3144d3b5
    SHA1: a34bf1976b1517ddffbe1d0c2d57b9c772fe08f0
    SHA256: a32f82a1046c0970de6efcc1c83ef847e5caaf75fa6e330d088bce066e6b5caf
    SHA512: 477f38d6bc340f71c1bb57a92de2ae0e72552f68b144ca033ed8e62611ef0f367795c1315709bd4708d4b87b7891a3541a5400ed30ea204098a0ff60f8091319

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 51KB
    MD5: f3bf95a6d9ed5ca11b1a9731d6492f09
    SHA1: e3e579ea2293206ab3ce32a3cf0bb7075e42cc8d
    SHA256: 79f6c638262aa776046ed043e37a6d978215846a158df143d692167ae5c50fe8
    SHA512: bdd858ee29818c41dbcbc05f640ae59431e688db94225b46c72eb66544b6ddd9f68278da43f3bf7e81549f912281d2d9db6ce6972feee8ea66f0e1e5cc44fb7b