Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 13:37

General

  • Target

    3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe

  • Size

    52KB

  • MD5

    3eb0e8e9b1ad24ccb8f9b348febaffb0

  • SHA1

    fe2888ca6768395803cf398b93915dd4043c3a8a

  • SHA256

    51b4f7913eaea29ed20a8417033299fbb48ea3fd82303f1b08feb2d0633c7bed

  • SHA512

    05627f8343dd4dbceeae985f83839def8370308a120f884f352b7c5d50f8118c4d6a8c5598884d72d9f3fe17d327af3e038f60333f89a72586eb6dfd16fc145e

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcBF:/7ZQpApze+eJfFpsJOfFpsJ+F

Score
9/10

Malware Config

Signatures

  • Renames multiple (5187) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4412

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
    Filesize: 52KB
    MD5: 4c7a121802266fb2b9c03d430fc766b3
    SHA1: 944dde769f2f6a1cd551f266f8de711e652cc8a4
    SHA256: ad83ffbc8ec16e78d0ecd880a759309d02e86b19facb3ea896d2feb25d71f12a
    SHA512: 3c65728068e5cec5e0ea437e0e8afb7e44344b78b533f6d1a29a720f955b3e23808d3b086ece2074ba60883af0d7e0db45b7568971894a6b22e23fbf6ebdbfd2

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 151KB
    MD5: a03db65ac8df25670322c599f44ce84a
    SHA1: bba2a0828fb4d4c61bd4d844a835ad031f69dfd4
    SHA256: 4c7b4e4ea5f5efa449d3ad0a45d569fd7c826736ec8b774ba48d6fa68531aebb
    SHA512: c8970d89b3ff9091c3a87ac4bdeae4924e3a2b3df5cf40472e4b5196272110c0eba5f3f674eb8c142f4e4bca19bc86f1ecf57a830223d4760ad4bb042326090b

  • memory/4412-0-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB