Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 13:34

General

  • Target

    3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe

  • Size

    48KB

  • MD5

    3e8ca8ba0b9512e5dc4cb0799d8ba340

  • SHA1

    8af6930a00c902a4fb2cf11dc19ebb9d1a93c1a8

  • SHA256

    2e947653ef749a01acb27330094478c2e928ef39c86ad79a556da629bc1cbad9

  • SHA512

    31482ae7c2b780c9f1dec6d7fbe4ae13eceb612927de110d775d801bb3d969c393fca34e563dc0b73fb03ef1e34a47b81832b1f78ccb69a53652c64732e50067

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcj:/7ZQpApze+eJfFpsJOfFpsJu

Score
9/10

Malware Config

Signatures

  • Renames multiple (5349) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2256

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    22e8b5fe26ef80506f46f5f8c1bfa65f

    SHA1

    f134d3b326a64d771073bfcee342b0c390cc2835

    SHA256

    264fcb13af9c6d770e6954ec8ae045c89bd9215c10c31425a68f47a6f9bf25b2

    SHA512

    b2d4365d627a3e83c6b6d71b4dba900a43f6bdab95b348e602d92c19e067fcef3f8324448b6f31e2122ba4a85d8efffd56c5759f8f4d12cd816e193bb21799e9

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    147KB

    MD5

    8ac2884cd000cd7823a6ecf137260015

    SHA1

    bfaf9a12ae772ae2b4ef2060bc16b4b2f810bb1e

    SHA256

    7e824b7a0722a90511255aaf2032bc7d20b318620991c75823772f42612e1d12

    SHA512

    75e0e6a4e74c795ffd3b04ed6e2ef2c21dbb9c2f39e2abdd9e9ec9a6f8a25f030367abb1bc69429ba21c16ce7e0079f7116be07e5f98c7ecdc0105599e2f5630

  • memory/2256-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2256-2016-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB