Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 13:28

General

  • Target

    3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    3e57525d1b48636a9ff42d3c5b7de0c0

  • SHA1

    f15ba37b3e4c94d733cae9053afa777c860f75cf

  • SHA256

    0f73c109cbef0128cc42ddab50cf3628fb5b551a7f2e2a18c58aeb8a4b821b16

  • SHA512

    ea9cf8fa4233f910e2ef9b7925ca0199fa23070f92a7dc5ce088a0deac2a179371ba3ec225e129bd5e2eb5838dad3424673b9e727c4675774bd0310e07eaa22a

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzP:CTWn1++PJHJXA/OsIZfzc3/Q8zxN

Score
9/10

Signatures

  • Renames multiple (3728) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 1460

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    d0d0bd27abb052fc2767d25a462982b3

    SHA1

    60c026294f6bcde7c4687bada76db4caf7aad0ae

    SHA256

    2ae9a50f04c8d1f0386b078b5d9a481f7c07a1568a870b0c08de273a5a0da5ed

    SHA512

    78be3b3a2aa2539a2a0372545c3389f866a4d2debc5ec9b262c334668b9e5e5cb2371b37ddf0645a2a8249c8704a2e2654a74ec508f044115f43542ad740e5fa

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    ec17e8229b9fc658d71d304fd6b5ed15

    SHA1

    c857753bf65f5f6ccad6e32dd39eae051f09c976

    SHA256

    965534da6f51cd11dbc810b1d08092fa88b6a974c43ff6ac524f8291992efe75

    SHA512

    c348b549fe9406b7e4f480ad3019db2f1d195e97d9c1c561e7be9393431ad50db5eb60f2b6cf0fb3e0d8a4a1bf28d29c75db34eac86770046c99d4e8a010fbfa

  • memory/1460-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1460-76-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB