Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    12-06-2024 13:51

General

  • Target

    3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    3f87a6ecd68731725ac090fa7ff6fb00

  • SHA1

    a527379e0349a7dc695c18256a26849eb0954eb4

  • SHA256

    0846b2152c636b72bb25a6daceb93dd84da891c88ad6b8129f8b0eb3ad7eb28f

  • SHA512

    c5ff6c1c986c02f16a3c0a98fd7ec54cf784a02ffad9207918397f013c383ad990498a5c780f9a05f12c16dec3a9c8e86f722e2768d0a2acf348e48498d35e56

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecD5:W7BlpNLpARFbhblkYlkuvIYFWcDYcD5

Score
9/10

Malware Config

Signatures

  • Renames multiple (4071) files with added filename extension

    This suggests ransomware activity, i.e. encryption of all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1780

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    ab03df8389ab70595585d7dce380fee3

    SHA1

    27a14caa6aac57bc5d7c911a4c376fcb212439ae

    SHA256

    363804ff87e37f22c7241509bf5e2eaa7aec114a7319fa990ea71c7655cc7b41

    SHA512

    d14ef7a1bd63067b8af5677ba9b172279fa2089117b90c5aed5be55eec29fe2c05680788bb26687cd28cf7593620fa94b5818a1198f4e4e955364017886928d7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    3ea171d19e261a5b7b7498e9b05d99d4

    SHA1

    9dfb55da791bf47745c48fc34b36d5c6f42a2b52

    SHA256

    53d7241ecd1fd8e553bbd0407c0497ac606a751e0114f59a6f0189d7ed30d6c2

    SHA512

    7ce626e6d8bb9e58560e1a71efb3a5dd910e17294afd45a47cc0b3c6373fe397006ecd97828d85f5eae74f4f93537de9e3f8a1b2cfa8353a622eb3e22793931a