Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 01:09

General

  • Target

    52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe

  • Size

    95KB

  • MD5

    52a5697ca490d084e2fd65912a926310

  • SHA1

    58d346e4a8680c1001936302c42496c823ff2ded

  • SHA256

    5817afa1e63a6c1a349fbb716af9f46906eec2186e15ec65e5816f7094f4aa3a

  • SHA512

    83cbc41470b4ec0301a6b94f70791c4eb5e4e615b476ac870fbd6db5b9bdaf9487c4a924c678211fd1d8f591fef05d8485f60c447d963ccc397a576cbb1bc0c3

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Waa1aar8p:6e7WpMaxeb0CYJ97lEYNR73e+eKZWaa0

Score
9/10

Malware Config

Signatures

  • Renames multiple (5183) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each file it processes.

  • Drops file in Program Files directory (64 IoCs)
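
The "Renames multiple files with added filename extension" signature above is a file-system heuristic rather than a static rule, and it is worth seeing how such a check is built so it can be reproduced over EDR or sandbox rename telemetry. The following is an added example, not code from the report or from the sandbox vendor: it takes a list of rename events (old path, new path), keeps only renames that leave the original name intact and append exactly one new extension, and fires when one appended extension reaches a threshold of distinct files spread across several directories. The thresholds, the `.locked` extension and the rename trace are constructed for the example; the report does not state the sandbox's own thresholds or the extension this sample appends.

```python
import ntpath
from collections import defaultdict

# Hypothetical thresholds; the report does not state the sandbox's own values.
MIN_FILES = 100   # distinct files renamed with the same appended extension
MIN_DIRS = 5      # distinct directories touched, to separate encryption from a batch rename in one folder


def added_extension(old_path, new_path):
    """Return the extension a rename appended, or None.

    Matches only renames of the form <dir>\\<name> -> <dir>\\<name>.<ext>:
    same directory, original file name kept in full, exactly one new dotted
    component appended. A move, a name change or a replaced extension all
    return None. Paths are treated as Windows paths (ntpath).
    """
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower() or not old_name:
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    ext = new_name[len(old_name):]          # ".locked" in "a.docx.locked"
    if len(ext) < 2 or "." in ext[1:]:      # empty, or more than one component
        return None
    return ext.lower()


def detect_mass_rename(events, min_files=MIN_FILES, min_dirs=MIN_DIRS):
    """Aggregate rename events (old_path, new_path) by appended extension.

    Returns {ext: (distinct files, distinct directories)} for every extension
    that crosses both thresholds. Counting distinct paths rather than raw
    events avoids double-counting a file that is renamed twice.
    """
    files = defaultdict(set)
    dirs = defaultdict(set)
    for old, new in events:
        ext = added_extension(old, new)
        if ext is None:
            continue
        files[ext].add(new.lower())
        dirs[ext].add(ntpath.dirname(new).lower())
    return {
        ext: (len(files[ext]), len(dirs[ext]))
        for ext in files
        if len(files[ext]) >= min_files and len(dirs[ext]) >= min_dirs
    }


def build_sample_events():
    """Constructed rename trace (not from the report): 120 files across six
    directories get a hypothetical '.locked' extension appended, plus three
    benign renames that must not count."""
    dirs = [
        r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures",
        r"C:\Users\Admin\Desktop", r"C:\Users\Admin\Downloads",
        r"C:\Users\Public\Documents", r"C:\Program Files\7-Zip",
    ]
    events = []
    for i in range(120):
        old = ntpath.join(dirs[i % len(dirs)], f"file{i}.docx")
        events.append((old, old + ".locked"))
    events += [
        # ordinary save-as: name changed, nothing appended
        (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report_v2.docx"),
        # a single backup rename in one folder: appended, but far below threshold
        (r"C:\Users\Admin\AppData\Local\Temp\a.tmp", r"C:\Users\Admin\AppData\Local\Temp\a.tmp.bak"),
        # move between directories: not a rename in place
        (r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe.bak"),
    ]
    return events


if __name__ == "__main__":
    for ext, (n_files, n_dirs) in detect_mass_rename(build_sample_events()).items():
        print(f"mass rename with added extension {ext}: {n_files} files in {n_dirs} directories")
```

Requiring several directories as well as many files is the part that matters in practice: a user bulk-renaming one folder of photos trips a file-count rule, while an encryptor walking the profile and Program Files (as the 64 Program Files IoCs in this report show) crosses both.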

Processes

  • C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe"
    PID: 5096
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    96KB

    MD5

    a07058f1aa22eccecf664d5636811f1b

    SHA1

    59005171f7ff21e6206b24629b47dea19f19a86c

    SHA256

    c4db64ab0d6dcb855112fe93d2227e0e6b7a69ccb5a8bcb3601590d1b81a3597

    SHA512

    c5b10855d7a21a6867c9e7c848e4da87e2b88986a2c0438fd8f4c95844bd2854e63521a1c6441d86c0efac989f2e6fca617bcb9f2ad6e48b02c40a510500c4dd

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    194KB

    MD5

    b5a9e934f64a68963c6b00f4f0dc0d32

    SHA1

    a9c58a462863f886909ce3f22b1d5b7ebf61d4fc

    SHA256

    8a509b1072ba3a4d3e7cecce95c25205e6b0c2dde2aa56c0ea1689765d5abbbd

    SHA512

    5e6388d5bb1c62502e366ba0d5b9f26f47f6326438fe0fcee3ce22165e9b3c643fe97d437e414ebbd19c132df5923953f456b47769f5477c36d5f261e10621b7
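
The hashes in the General and Downloads sections are the usable IoCs on this page: the submitted sample and the two captured drops. The scanner below is an added example, not part of the report: it embeds those MD5/SHA-1/SHA-256 values, hashes every file under a directory with all three algorithms in one streamed pass, and reports which table each match came from. Reporting the algorithm matters because MD5 and SHA-1 are collision-prone; a file that matches on SHA-256 is the artifact, while a match on MD5 alone deserves a second look. The `b"hello"` buffer and the `scan_tree` entry point are the example's own; the report only supplies the digests.

```python
import hashlib
import os
import sys

# Labels for the three artifacts whose digests appear in the report above.
SAMPLE = "submitted sample 52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe"
DROP_INI = r"dropped C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp"
DROP_DLL = r"dropped C:\Program Files\7-Zip\7-zip.dll.tmp"

# Digests copied from the report, keyed by lowercase hex.
IOC = {
    "md5": {
        "52a5697ca490d084e2fd65912a926310": SAMPLE,
        "a07058f1aa22eccecf664d5636811f1b": DROP_INI,
        "b5a9e934f64a68963c6b00f4f0dc0d32": DROP_DLL,
    },
    "sha1": {
        "58d346e4a8680c1001936302c42496c823ff2ded": SAMPLE,
        "59005171f7ff21e6206b24629b47dea19f19a86c": DROP_INI,
        "a9c58a462863f886909ce3f22b1d5b7ebf61d4fc": DROP_DLL,
    },
    "sha256": {
        "5817afa1e63a6c1a349fbb716af9f46906eec2186e15ec65e5816f7094f4aa3a": SAMPLE,
        "c4db64ab0d6dcb855112fe93d2227e0e6b7a69ccb5a8bcb3601590d1b81a3597": DROP_INI,
        "8a509b1072ba3a4d3e7cecce95c25205e6b0c2dde2aa56c0ea1689765d5abbbd": DROP_DLL,
    },
}

ALGOS = ("md5", "sha1", "sha256")


def digests_of_bytes(data):
    """MD5, SHA-1 and SHA-256 of an in-memory buffer, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def file_digests(path, chunk_size=1 << 20):
    """The same three digests for a file, streamed so large files are not read at once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=IOC):
    """Return [(algorithm, label)] for every digest found in the IoC tables."""
    hits = []
    for algo, table in iocs.items():
        label = table.get(digests.get(algo, "").lower())
        if label is not None:
            hits.append((algo, label))
    return hits


def scan_tree(root, iocs=IOC):
    """Walk a directory and return [(path, hits)] for files matching any IoC.
    Unreadable files (locked, permission denied) are skipped, not fatal."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                hits = match_iocs(file_digests(path), iocs)
            except OSError:
                continue
            if hits:
                findings.append((path, hits))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(root):
        algos = [algo for algo, _ in hits]
        print(f"{path}: {hits[0][1]} [{','.join(algos)}]")
        if "sha256" not in algos:
            print("  warning: MD5/SHA-1 match only; treat as a collision candidate until SHA-256 confirms")
```

Run it as `python scan.py "C:\"` on a suspect host, or point it at a sandbox export. Note that the two drops are `.tmp` files captured mid-run; the report does not say what the sample renames them to afterwards, so a hash match is the reliable signal here, not the file name.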