Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 14:04

General

  • Target

    4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe

  • Size

    51KB

  • MD5

    4050f1c57348b30e6c6b9913a3e41bd0

  • SHA1

    5aae4eca1633bc22042098638c79e7b94cf7ed87

  • SHA256

    ba21be8c36799d80b4d123cd3e7fbacf92549a146b8f9ec451cb7683f0b808bd

  • SHA512

    eca09860bc6ae243ac571185e9cce8135744bb7ef30b6619d1a22c5e37065ea8cdf7fdb627d954cdcf9b9614d88d332c50a62db3229c9a478978d66cd046fa9f

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbN4meWpcccA40y4kMqre:W7BlpppARFbhWJQi04q4v

Score
9/10

Malware Config

Signatures

  • Renames multiple (5332) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1508
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4004,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
    PID:2792

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

    Filesize

    51KB

    MD5

    51d1962e5743070dac2504da3ead1b99

    SHA1

    6f531538fca0eccc65d0911b13dfbdd08415234a

    SHA256

    ac8cce66fd576f9010c5bcf1b4bb66a4140df7a53a865cf85cb35764b959a2fa

    SHA512

    734f5424a1790ceb98fc4c88b0cb873159289415c01e4965db1d99390736d4e31fd11c87947b3238ef7d512fe08fced6ed56dc0110c5881d0facd8399db84d46

  • C:\Program Files\7-Zip\7-zip.chm.tmp

    Filesize

    164KB

    MD5

    88ba75d96eb530c72bc2eadc7795fe33

    SHA1

    97d325b25c56548b43eef3dd64a48033abbf36c8

    SHA256

    a261b11f11b0c4f56594512bb9d05a17a13938e625820a434b0b2f82f5580335

    SHA512

    2b2afebe12227c88e043167f51fe426f963627f1426aab3ce3511a3d07bbae492780bd6d28969000d4b884e9f5923a247a16cbe59ca7e56380100f1127a9e2a5