Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 13:37

General

  • Target

    3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe

  • Size

    52KB

  • MD5

    3eb0e8e9b1ad24ccb8f9b348febaffb0

  • SHA1

    fe2888ca6768395803cf398b93915dd4043c3a8a

  • SHA256

    51b4f7913eaea29ed20a8417033299fbb48ea3fd82303f1b08feb2d0633c7bed

  • SHA512

    05627f8343dd4dbceeae985f83839def8370308a120f884f352b7c5d50f8118c4d6a8c5598884d72d9f3fe17d327af3e038f60333f89a72586eb6dfd16fc145e

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcBF:/7ZQpApze+eJfFpsJOfFpsJ+F

Score
9/10

Malware Config

Signatures

  • Renames multiple (3867) files with added filename extension

    Mass renaming of files to the original name plus an extra extension is the typical footprint of ransomware encrypting files across the system. The count (3867 renames from one process during a 150-second run) is what distinguishes this from ordinary single-file renames.

  • Drops file in Program Files directory (64 IoCs)
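The signature above is a counting heuristic: look at file-rename events, keep those where the new name is the old name with one extra extension appended, and flag a process once the count crosses a threshold. The following is an added example written for this page, not the sandbox's own rule or the sample's code; the event tuple format, the file paths, the `.locked` extension and the threshold of 3 are constructed for illustration (the run above reported 3867 such renames from PID 2192).

```python
"""Heuristic behind a "renames multiple files with added filename extension"
signature: per process, count rename events whose new path is the old path
plus one appended extension, and flag processes that cross a threshold.
Added example for this page; the event format and sample data are constructed
assumptions, not a real sandbox log format."""

from collections import defaultdict
import ntpath

# Constructed sample events: (pid, old_path, new_path). Paths are made up.
SAMPLE_EVENTS = [
    (2192, r"C:\Users\Admin\Documents\report.docx",
           r"C:\Users\Admin\Documents\report.docx.locked"),
    (2192, r"C:\Users\Admin\Pictures\cat.jpg",
           r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (2192, r"C:\Program Files\App\config.xml",
           r"C:\Program Files\App\config.xml.locked"),
    (2192, r"C:\Users\Admin\Desktop\notes.txt",
           r"C:\Users\Admin\Desktop\notes.txt.locked"),
    # Rename that keeps the extension but changes the basename: not counted.
    (2192, r"C:\Users\Admin\Desktop\old.txt",
           r"C:\Users\Admin\Desktop\new.txt"),
    # Benign process moving a partial download into place: different directory.
    (1504, r"C:\Users\Admin\AppData\Local\Temp\dl.part",
           r"C:\Users\Admin\Downloads\setup.exe"),
    # Benign log rotation: one appended-extension rename is normal, so the
    # threshold, not the pattern alone, decides.
    (1504, r"C:\logs\app.log", r"C:\logs\app.log.1"),
]


def is_added_extension(old_path: str, new_path: str) -> bool:
    """True when new_path is old_path with exactly one extra '.ext' appended
    in the same directory. Comparison is case-insensitive, as NTFS names are."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return False
    if not new_name.lower().startswith(old_name.lower() + "."):
        return False
    suffix = new_name[len(old_name) + 1:]
    # Require a non-empty suffix that is a single extension, not a path.
    return bool(suffix) and not any(c in suffix for c in ".\\/")


def count_added_extension_renames(events):
    """Return (per-PID count of appended-extension renames,
    per-PID sorted list of extensions that were appended)."""
    counts = defaultdict(int)
    exts = defaultdict(set)
    for pid, old_path, new_path in events:
        if is_added_extension(old_path, new_path):
            counts[pid] += 1
            exts[pid].add(new_path.rsplit(".", 1)[1].lower())
    return dict(counts), {pid: sorted(s) for pid, s in exts.items()}


def flag_mass_rename(events, threshold=3):
    """PIDs whose appended-extension rename count reaches the threshold.
    The threshold value is an assumption chosen for the sample data."""
    counts, _ = count_added_extension_renames(events)
    return sorted(pid for pid, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    counts, exts = count_added_extension_renames(SAMPLE_EVENTS)
    for pid in flag_mass_rename(SAMPLE_EVENTS):
        print(f"PID {pid}: {counts[pid]} renames with added extension {exts[pid]}")
```

On the constructed events only PID 2192 is flagged; the single `app.log` to `app.log.1` rename by PID 1504 matches the pattern but stays under the threshold, which is why a real rule keys on volume and on a consistent appended extension rather than on any one rename.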

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe"
    Process tree level 1 (root process of the run)
    • Drops file in Program Files directory
    PID:2192

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

    Filesize

    52KB

    MD5

    c5a4823db731e0bcf4cf30498db6ff68

    SHA1

    ff560cc2f6996b41c78ffd0fa8ecf3b77479b0aa

    SHA256

    bc7b41698d630d96a692b8669d4167f82369178c5103714de40763757412ef62

    SHA512

    bfc812d1b0ef64c070dd8000b46028abf5de22b0022107e33d87f616cc97b3207ab363f9b4e80a6ffdeef22c9c8c71d668c8f5b172d272872782befe3023d917

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    61KB

    MD5

    9a965ce7bdb1b60b958973918bfb9756

    SHA1

    55efad8f125a3b232e30484840b1bbcd2422a222

    SHA256

    3d7a1ada078294b8717c67c6d32f658d637d55b76015ba764f2841a9c6913484

    SHA512

    b87fc29306a938d1ee258f87cfdb7be9c8edf44c45634aee7caadf72a2e6bf7295c9ea9134b8049ea7d56fba4f18f9bba293903628dc90e08778fea36009fe96

  • memory/2192-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2192-650-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB