Analysis

  • max time kernel: 150s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12-06-2024 13:51

General

  • Target: 3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe
  • Size: 46KB
  • MD5: 3f87a6ecd68731725ac090fa7ff6fb00
  • SHA1: a527379e0349a7dc695c18256a26849eb0954eb4
  • SHA256: 0846b2152c636b72bb25a6daceb93dd84da891c88ad6b8129f8b0eb3ad7eb28f
  • SHA512: c5ff6c1c986c02f16a3c0a98fd7ec54cf784a02ffad9207918397f013c383ad990498a5c780f9a05f12c16dec3a9c8e86f722e2768d0a2acf348e48498d35e56
  • SSDEEP: 384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecD5:W7BlpNLpARFbhblkYlkuvIYFWcDYcD5

Score: 9/10

Malware Config

Signatures

  • Renames multiple (5353) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe"
    PID: 3552
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
    Filesize: 46KB
    MD5: b31ea5256e0fe43e53a932659311b74a
    SHA1: d0cda870a0b04d8972f79108d803bd34afe2b396
    SHA256: b99590a2198143dda13a725e4fbf1c9157828f8298efb455ff730e260f7dbcf7
    SHA512: 5d657dbba9180ea135da9db5fbc7a49962410e5ba35afa0391ad52b4e8713fc76835e63c4f39013b7eace83475e8cec95c517e7280bd46db9f5d1c0e8aedfb47

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 145KB
    MD5: 6e2831a36aa09a7215cde224a1af3ab2
    SHA1: 87e217cbc0c5cd7b524dd0ce6aca9393594cb5ce
    SHA256: 4c55fc11ce7594e94c2cf42b0506a69f7d5bd8bf39f87464cb564d07a97b2286
    SHA512: a908389a4fa1663521ad71c6da4ae8645447ebec94128dae2893b2d265468d6d7d3e0a25fd19fd88f0c2ebec6b3ed6334a43637f384007137e0fd6d851182cd6