Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 14:03

General

  • Target
    4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe
  • Size
    68KB
  • MD5
    4048dfa5c8639391337e7209cecabae0
  • SHA1
    493354f299ed30ec98e77c7222dd9dbd7b27d48b
  • SHA256
    e9f5dabbd2194a2e845c293fa812dc8aecd1fd61b48b8f48c148718cf0b5932a
  • SHA512
    2e7125a042c9f3c23537c9a9480698c2833989144cd222cf445e8ab73a1c53933a404255ed27ebfe7434af327b688862edf4878dfd3fd3baf52331fc9e58a074
  • SSDEEP
    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8w9A:fnyiQSol9A

Score
9/10

Signatures

  • Renames multiple (5184) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4564

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize: 68KB
    MD5: f2b5601f2c2eb9cd47a694f0812cdadc
    SHA1: 9ce6a80dffd8ff169f49ea38fedd5a2b92c9021d
    SHA256: 64e0a71912e6faa73a21e548a054ef66b0ed3dcc0e2e9d56d8866b2b836b3a4b
    SHA512: e1db5e98242e97095cbc773bcb730f52bbf127e95f8c85b9295e14c061566196975bf566d4bd46fb9cb5da946d2f5dd551e3b075b154f3a1f5c0e0faae6c36b5

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 167KB
    MD5: 56b9c416bfbcaac30f20fae80257a9de
    SHA1: 10d327523adeb2123f3f757735bd64f56453e84c
    SHA256: bc0c4ba72d2382a868b3fa33a406c1ce9e13fe4c50de408027e5678285752b97
    SHA512: 489062eb3ca6cc0da8a0d1e48fb028d06c72fb459bfe17691a4e0aae525d2477034a1024843172cf68dca01b37e6a89d895695854b718c97dd9561b9dd6d134e

  • memory/4564-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/4564-1950-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB