Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 13:12

General

  • Target

    3d370a08ce3c82fa6ccd41346b906580_NeikiAnalytics.exe

  • Size

    101KB

  • MD5

    3d370a08ce3c82fa6ccd41346b906580

  • SHA1

    52e960022bd5b8e58aac82aef9efafae4d6ab87f

  • SHA256

    a5aa5039316d64afe7234defd9c007e4ffbbbeef66915a7490dd44c33c7b2d46

  • SHA512

    19db8c9d29953403acb86fc8e7ea609bd4de2017de708d57a985474d7bb89d91cbaea5b993deca5e0785ea97912df596fef947a77670b3be0fe8758654695f61

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuyxX5rQulG:enaym3AIuZAIuyxJrQulG

Score
9/10

Malware Config

Signatures

  • Renames multiple (3678) files with added filename extension

    This behaviour is consistent with ransomware: files across the system are rewritten under their original name plus a new extension (the dropped desktop.ini.tmp and Office64WW.xml.tmp listed under Downloads show the pattern). Note that both of those .tmp files are only slightly larger than the 101KB sample itself; compare them against the originals before concluding that they hold encrypted copies of the originals' contents.

  • UPX packed file (4 IoCs)

    Detects executables packed with the open-source UPX packer or a modified variant of it. The payload must be unpacked (upx -d for an unmodified build, or a memory dump taken after the stub has run) before static analysis.

  • Drops file in Program Files directory (64 IoCs)
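
The first signature above is a count-based heuristic: one process appending the same new extension to many files in place. The following Python is an added example of such a rule written for this page, not the sandbox's own detection logic; the event format of (old_path, new_path) pairs, the threshold of ten files and all of the sample events are assumptions constructed to exercise it (the .tmp suffix mirrors the dropped-file names under Downloads, but none of the events are taken from the report).

```python
"""Heuristic for the sandbox signature 'Renames multiple files with added
filename extension'.  Added example, not the sandbox's own rule: the event
format (old_path, new_path), the threshold and the sample events are assumed."""
from collections import defaultdict
import ntpath


def appended_extension(old_path, new_path):
    """Return the suffix appended to old_path when new_path is old_path plus one
    dotted extension in the same directory; otherwise return None.

    Renames that replace the extension (notes.txt -> notes.md), move the file
    to another directory, or append more than one dotted component are ignored."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if len(new_name) <= len(old_name):
        return None
    if not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    if not suffix.startswith(".") or "." in suffix[1:]:
        return None
    return suffix.lower()


def mass_rename_suffixes(events, threshold=10):
    """Group rename events by appended suffix and return {suffix: file_count}
    for every suffix applied in place to at least `threshold` distinct files."""
    files_per_suffix = defaultdict(set)
    for old_path, new_path in events:
        suffix = appended_extension(old_path, new_path)
        if suffix is not None:
            files_per_suffix[suffix].add(old_path.lower())
    return {s: len(p) for s, p in files_per_suffix.items() if len(p) >= threshold}


# Constructed sample events (assumed; not taken from the report's event log).
DOCS = r"C:\Users\Admin\Documents"
SAMPLE_EVENTS = [
    # twelve documents renamed in place with ".tmp" appended
    *[(rf"{DOCS}\report{i}.docx", rf"{DOCS}\report{i}.docx.tmp") for i in range(12)],
    # log rotation also appends a suffix, but touches only two files
    (r"C:\ProgramData\app\install.log", r"C:\ProgramData\app\install.log.1"),
    (r"C:\ProgramData\app\update.log", r"C:\ProgramData\app\update.log.1"),
    # extension replaced rather than appended
    (rf"{DOCS}\notes.txt", rf"{DOCS}\notes.md"),
    # same suffix appended, but the file also moved to another directory
    (r"C:\Users\Admin\Downloads\setup.exe",
     r"C:\Users\Admin\AppData\Local\Temp\setup.exe.tmp"),
]

if __name__ == "__main__":
    for suffix, count in mass_rename_suffixes(SAMPLE_EVENTS).items():
        print(f"mass rename detected: {count} files got suffix {suffix}")
```

Renames that swap an extension, move the file elsewhere, or add a second dotted component are deliberately not counted, so routine edits and log rotation stay below the threshold while a mass in-place rename to one new suffix trips it. The threshold is a tuning knob; the report's own count of 3678 is far above any sensible setting.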

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d370a08ce3c82fa6ccd41346b906580_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3d370a08ce3c82fa6ccd41346b906580_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2180

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

    Filesize

    102KB

    MD5

    dd0b6f9efba26db8d1f2b68070a419f7

    SHA1

    12a42595a436c247c1a656bb0967dc62361fa49e

    SHA256

    662576ffb6f3160d4bf127b0b0a599a45dec9f77566fcca05eabcfe2a095b1f6

    SHA512

    f3334ad6ba6b909fe13dd66779a61b048430420e9cc8a4348685fe991c7bfb1b2df4b24bc97c74a8949c0deeb8e1218300ced6646d7f3e36fee98f6344777384

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    110KB

    MD5

    34591b8546c8751692039cc0c7c57183

    SHA1

    83917368dad43c6f585ab09ab2bcb24f9ff7969b

    SHA256

    13a4348d368e1869f238a46001eddd2ec8df5e7eeb3bc02c7418946438a13b4e

    SHA512

    d548fc99fd8cd8dcbb00e1688da1e56598dface44f017e0b70f6516ae9b7ff1bcceecca159412329709caeef4f6c35d27046d4d71735dad9a411f8fc4839ed2a

  • memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2180-662-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB