Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 01:09

General

  • Target

    52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe

  • Size

    95KB

  • MD5

    52a5697ca490d084e2fd65912a926310

  • SHA1

    58d346e4a8680c1001936302c42496c823ff2ded

  • SHA256

    5817afa1e63a6c1a349fbb716af9f46906eec2186e15ec65e5816f7094f4aa3a

  • SHA512

    83cbc41470b4ec0301a6b94f70791c4eb5e4e615b476ac870fbd6db5b9bdaf9487c4a924c678211fd1d8f591fef05d8485f60c447d963ccc397a576cbb1bc0c3

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Waa1aar8p:6e7WpMaxeb0CYJ97lEYNR73e+eKZWaa0

Score
9/10

Malware Config

Signatures

  • Renames multiple (3423) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2968

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
    Filesize

    96KB

    MD5

    fe08ec010595fa0dd20acf73f3b13cb1

    SHA1

    06926fd7838d5066a7ff9e73d618c7dcaf0e233d

    SHA256

    753cf08eff67332ce02a524ae7eaf0c9c18c8be4633d04373cc86c0bf6ec6b62

    SHA512

    8979fcaec957cd19dece34c1d6ccbca29255f28f6cdd260cc4806c364593e510daf2a8c57ef51a0408e0497e382c56e9872f73a495e269bd3713d54a1a8348ba

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    104KB

    MD5

    517eb1e69f9db43e966dbd8e6be247c1

    SHA1

    0fda9e3fc68bb1217855908ee091288faf4ef764

    SHA256

    281fb48f5dda44c297b6e64e5aea82c0e16929bd82d5fa9212353b6eea2f9c60

    SHA512

    125025d3e3ac2dd6505f81ba62e433bfc5e494ff67bbc4b838ffdfaa414746d2c74eb070a9a63bf09d2ba2a995f6a651b390aa34d96130fbf06e09f2a2a47fe9