Analysis

  • max time kernel: 150s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 13-06-2024 01:50

General

  • Target: 54cbba1548f897a9e5c985ca62986530_NeikiAnalytics.exe
  • Size: 54KB
  • MD5: 54cbba1548f897a9e5c985ca62986530
  • SHA1: 7d737cdec79fcc54e25af9a946bcc504d6aaa706
  • SHA256: 2d7780135266c06e0f3dacaa3504205a792e7cc48c1d0ec57bcb40ae354399a7
  • SHA512: fdfc8ee693cc1aca56fa8369832f3a8d0180bd94fb5e827c065bcfef3085892a0c139b43a2aee9f4dfa6013f4805fe14e741c37f8d558210fdcc4950f99eaad1
  • SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQ3:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8RYK

Score
9/10

Malware Config

Signatures

  • Renames multiple (3668) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
  • UPX packed file (4 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\54cbba1548f897a9e5c985ca62986530_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\54cbba1548f897a9e5c985ca62986530_NeikiAnalytics.exe"
    PID: 1692
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
    Filesize: 54KB
    MD5: 231077caa3d787b168f74207aab1b944
    SHA1: d0400f7399fcdd9b54ec0fca1381198ec6a72ff5
    SHA256: a8a041105bba15ac37adde25488ec9b57227b7b81948639f1bcf810674c8f6f2
    SHA512: a94b91009a2cada000654a089864227263301719a6f35ed9353fa37605f1d677183ae7329b1fd23c35b6d522d32d7a01dfbe810d7897b835486c96070b6f8a95

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 63KB
    MD5: 54474ae0d9e58924cb5e745db901e4ea
    SHA1: 2b05a184540eba2ba6dbfa88b03d51adbaac1b7f
    SHA256: 0114ec27434c32f67af1b208c6f73b40d9215c8bc3b9c7f790e38816b324aee5
    SHA512: e3564e5c4d58e279224b41d3d8db6b41d6de2ee1c0b934237e72c9fa352b4d8e9573b632d2fe62f6dd6a2e71ed5d7030c7931375d16d1d0287f4c428e10ce69b

  • memory/1692-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1692-76-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB