Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 14:04

General

  • Target

    4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe

  • Size

    51KB

  • MD5

    4050f1c57348b30e6c6b9913a3e41bd0

  • SHA1

    5aae4eca1633bc22042098638c79e7b94cf7ed87

  • SHA256

    ba21be8c36799d80b4d123cd3e7fbacf92549a146b8f9ec451cb7683f0b808bd

  • SHA512

    eca09860bc6ae243ac571185e9cce8135744bb7ef30b6619d1a22c5e37065ea8cdf7fdb627d954cdcf9b9614d88d332c50a62db3229c9a478978d66cd046fa9f

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbN4meWpcccA40y4kMqre:W7BlpppARFbhWJQi04q4v

Score
9/10

Malware Config

Signatures

  • Renames multiple (3758) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1992

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

    Filesize

    51KB

    MD5

    f511c4e8cd86bc56116a36cedd7ea4f9

    SHA1

    69c53d24ae4f2f4a62c24d42167e5c3f2f3a7334

    SHA256

    3e7930a6c8c9d96464feea8d317cc2c21852164c7b503d42776efae038283827

    SHA512

    d3f147dfb455159e14180ed6b343feca567597f92c73e07f4dbd26e26c3260ab28f47c6dcb6511943c519a6272dbd77afc98b6fb4b9a2dcc015c8ef00be0d0a0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    60KB

    MD5

    71a101fb280b1df79ad71a0079468246

    SHA1

    2200a010c70f31fc63c7b8baac38df0befd1add8

    SHA256

    2303ed95f798609fb6678b993963452d9f1876ec924a60b891bb0fb514d0ac73

    SHA512

    4999c2d75feb0542b264106ec059467a64185c3591ed1cb43cf801e1dce2323c548bc92c198b1099feef71900cb710c9f933737eb2ff0ee84c8ed0f081604956