Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 01:50

General

  • Target

    54cbba1548f897a9e5c985ca62986530_NeikiAnalytics.exe

  • Size

    54KB

  • MD5

    54cbba1548f897a9e5c985ca62986530

  • SHA1

    7d737cdec79fcc54e25af9a946bcc504d6aaa706

  • SHA256

    2d7780135266c06e0f3dacaa3504205a792e7cc48c1d0ec57bcb40ae354399a7

  • SHA512

    fdfc8ee693cc1aca56fa8369832f3a8d0180bd94fb5e827c065bcfef3085892a0c139b43a2aee9f4dfa6013f4805fe14e741c37f8d558210fdcc4950f99eaad1

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQ3:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8RYK

Score
9/10

Malware Config

Signatures

  • Renames multiple (5265) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\54cbba1548f897a9e5c985ca62986530_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\54cbba1548f897a9e5c985ca62986530_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:3380

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    54KB

    MD5

    8898f8badcadcc7e80fb5a10867e6b3b

    SHA1

    734533e568c350935ba93ff90f713fb893ff2ea7

    SHA256

    6cd7163d297b435c5749ae5dd4b81d42b968457152a5444ec1c310c178186a45

    SHA512

    0ba1c4c553ed987292ea24481e3b44b1cec508d9b5cd17b24b9bb9bd58b2209e786208a825b32c2438af96b6885e6f03c5630baca92fc5940a4e5ed650910b9d

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    153KB

    MD5

    d680884f55b63b50e8d38fbcd94590fd

    SHA1

    88630f6709dd49a04ee3f4613136953b44ea6002

    SHA256

    36cc75350f90eb3ab320e67bc820aeabe3dfa3899eb393149fc121d131797f1a

    SHA512

    076322fdd4081e8cb97e5992db36e94decd61de7ef150b04819979cd35ab2f8ef32cd5197fba3056252dba8f285c9521e342b2f70ad4647ce5402977a8eb57af

  • memory/3380-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB