Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 13:34

General

  • Target

    3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe

  • Size

    48KB

  • MD5

    3e8ca8ba0b9512e5dc4cb0799d8ba340

  • SHA1

    8af6930a00c902a4fb2cf11dc19ebb9d1a93c1a8

  • SHA256

    2e947653ef749a01acb27330094478c2e928ef39c86ad79a556da629bc1cbad9

  • SHA512

    31482ae7c2b780c9f1dec6d7fbe4ae13eceb612927de110d775d801bb3d969c393fca34e563dc0b73fb03ef1e34a47b81832b1f78ccb69a53652c64732e50067

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcj:/7ZQpApze+eJfFpsJOfFpsJu

Score
9/10

Malware Config

Signatures

  • Renames multiple (3755) files with added filename extension

    This suggests ransomware activity: the sample is encrypting the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2940

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    9c77ba0e70a45bb1d49cd7dac6ebdf9f

    SHA1

    9e712aee38864a62925fb05bfbdb34fe17c95b1c

    SHA256

    1891163fee0ed4851b94a2d492c6846ff33348bd54d91f6dd03a36f9ec764009

    SHA512

    201fce91f35609a01f14afcff1157ff5c5639829d1679516622e612a4d768be7871a6b068b85bb2a66ee6aa34f590f9d0056e164d16a516b035d7c6eaa74c823

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    57KB

    MD5

    2051d6e5729407d71e35d7680d3b941f

    SHA1

    8a31cde82e550d6922ec1edbf10a435df25dfa0b

    SHA256

    72d175d3576604eec91b1bbce23b0e7936a9111e44a54f88278ebf67e1385be8

    SHA512

    303963e055b4921589c5cfea262e56cac0f83fdea8f0cb51c518e9b9ececbc1a9e3e195ecf58152e1585e6627b1132f03f78ecf811e0971480aaef839877d7ba

  • memory/2940-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2940-666-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB