Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 01:14

General

  • Target

    52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    52eeee6142adcb7c8210798f75a98af0

  • SHA1

    31402526d9b292bae855573d0532ed73b42c757e

  • SHA256

    8d2a709ee530d83c29424a279ab4a0c8e8beeb92af3b44a1be94232e6441e440

  • SHA512

    ab7e6cd4cf002e4d845ad8f3396eea4027ee17884c94a6b67b9e7355754353751d2a8641b37901f4b8a3ef92a7fb70029821a3c5aee1a8bfb7de105eb14cb6db

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDR:W7BlpNLpARFbhblkYlkuvIYFWcDYcDR

Score
9/10

Malware Config

Signatures

  • Renames multiple (3773) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1700

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
    Filesize

    46KB

    MD5

    ed854a70457a12d59c4f151158610ffb

    SHA1

    1e6a5bbc92578caba3b9fc695fa0b3f8713e079e

    SHA256

    1a7d17a787b76832a5ed608d36059771725d1338ba6bbff0a7cd13bb4ed7eb01

    SHA512

    03494897bef7ddd78de50d2b8e1b10a754b1d081682ec809ba1903fda27427c24f7adda9638f2371980787eb6080a767f2d772fe003fe234e6605d56e7877b32

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    55KB

    MD5

    d6cc7fb179d83f69f11026c0b62d6a82

    SHA1

    fc5836caf2c02cb6abb2d6e3713cd09e63aaaef2

    SHA256

    bb8c717fab9d370bde3af03b219118a93f6ad2419ad89d7dafc4f7d270ad868c

    SHA512

    c83348ac8d0f8bf6c9f417aabdbbfbbc8aca894de8eb4f1c5ba33068fa766709b47688f4412e660ef5f2b9d533fb61aaa75cd79655536a656caf883a6afe5dcd