Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 13:11

General

  • Target

    3d214e95757a3f4b87ff3606e29fa7d0_NeikiAnalytics.exe

  • Size

    135KB

  • MD5

    3d214e95757a3f4b87ff3606e29fa7d0

  • SHA1

    353ccdb27247eb7a4add1ba74e6b473e9392e340

  • SHA256

    438d333b469329c7cf4ea3540cb28fa8a844c897c2275666f0df89e7cec66e0d

  • SHA512

    b866aa408270c08953f7e021e35aecd40c3ebe68a0d8a92c333abe7ceaeea759f0b5d0e1572dc3e4acc55449bae36d3a5c81b680e64e241f2af2fb50d17e8c67

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOLKPTWn1++PJHJXA/OsIZfzc3/0:fnyiQSohsUsUK7QSohsUsUK0

Score
9/10

Malware Config

Signatures

  • Renames multiple (3449) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d214e95757a3f4b87ff3606e29fa7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3d214e95757a3f4b87ff3606e29fa7d0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2180

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

    Filesize

    135KB

    MD5

    b31624fe0a420df37138f160c1d00783

    SHA1

    22ffdc6113fc7a76084bbcd232c955a56c319283

    SHA256

    f494f0d46bc00eea9d5c8e106df6da263c64b32c3e831a5ecab29691a6e0803b

    SHA512

    50d62e4358c30fb7e7327db9f9d58a8f4970c64cde873fa851f54f98370209b3c4ebef266d4c6a6ede96f3bd74d6d4f8e2ed59ba80aee756d655636db2a70622

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    144KB

    MD5

    96701b745c31748ac6de0efcc1552f7a

    SHA1

    5f48d3a153fdbc6c1a2ba04b24c1d39f8364e754

    SHA256

    55c15cae248a7e080370f930f6e344ad9cace2b7376650d8a0f6e3c8d7d03ffb

    SHA512

    18833e3146c7295dea774c899216e0ce2b5b2150a579a7f99beb386c803f25affeaabfe63994fa00a0bb16b72d591e247016082da45c6fcf9971d1d760a4493c

  • memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2180-648-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB