Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 13:48

General

  • Target

    3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe

  • Size

    41KB

  • MD5

    3f5a70b03c7345a7f3650433d0e0fe10

  • SHA1

    969ae5bf867daf47697416ef9b69139c2aa2cf6d

  • SHA256

    588d70e082058cfcb79b1ec14c868af9096d2d3d82baa215e328559f4b9b227a

  • SHA512

    753f0d88f28a3b0701837860a5305c88668b5eecf12c92efa152c3cda06cfde003d45eeb39e9339abbf53e46dc58780660bc76c589808e53a6a7b2ff1679b445

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHslM:W7BlpNLpARFbhblkYlkuvIYFdu

Score
9/10

Malware Config

Signatures

  • Renames multiple (1601) files with added filename extension

    This suggests ransomware activity: encrypting all of the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1988
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4896

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

    Filesize

    42KB

    MD5

    8af82d1df1844444ada778fcddfea20a

    SHA1

    0adf0ca1755a53dc4b4658cc28c2ba03e54fb0d3

    SHA256

    f4e94f3e624875d83c221629bbdcb69f615223dc802eb585ccdc4d51b0abe5c0

    SHA512

    09efdfbc09911080935be0d7932a904dd8f9bd346d5015a0bfb6c7274093e7259f0673b3ca87ee59286d54b4f284a7cf332f3ad52c8cbd82bcaf27f310e941e4

  • C:\libsmartscreen.dll.tmp

    Filesize

    42KB

    MD5

    4fabf610ef883860b5839a5a4b3317e2

    SHA1

    e24d4931d319441ddbc9390fd7d9f1b1cbf78a82

    SHA256

    4e6dc8f95d27903bb7ad3f53fb88f9ca3a98025179dc5c31408ad957363d5fcd

    SHA512

    f7ea89806cb7f0c03d0194dada2e806ba9eb0e20e117d74b5748a00ecd05a69e1d7e334429ce949f3bcc0f734968fb54d71231ca347cc8855b9d5612cdb32cc8