Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 01:14

General

  • Target

    52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    52eeee6142adcb7c8210798f75a98af0

  • SHA1

    31402526d9b292bae855573d0532ed73b42c757e

  • SHA256

    8d2a709ee530d83c29424a279ab4a0c8e8beeb92af3b44a1be94232e6441e440

  • SHA512

    ab7e6cd4cf002e4d845ad8f3396eea4027ee17884c94a6b67b9e7355754353751d2a8641b37901f4b8a3ef92a7fb70029821a3c5aee1a8bfb7de105eb14cb6db

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDR:W7BlpNLpARFbhblkYlkuvIYFWcDYcDR

Score
9/10

Malware Config

Signatures

  • Renames multiple (5284) files with an added filename extension

    Mass renaming of files with an appended extension is consistent with ransomware encrypting the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2896

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
    Filesize

    46KB

    MD5

    8f204f2f155ca37c92fa67ef291a6a8d

    SHA1

    0306d6b3378b9255827f2eb78e4e61740da0c67b

    SHA256

    607dd7c8089413e8dfde6565f821e5d9ee426315ea3b4f2a497745e23a4aa7a0

    SHA512

    01290e7eaa0e3294e2d521390e60c3fdbab330b36d2f16b3974df87d911b5805677bf3943b9184bbbc367df22aed2ec924c6a145175e30b4733fefc758c1ebd9

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    145KB

    MD5

    cc6113f0744e0263093f8876fa6fbb33

    SHA1

    025dd64c2cea045f7992fc018134bf622bab2507

    SHA256

    4a6c87d2894ec3f626fa31892375d89555a83f316fb4cd5932fd013345789d94

    SHA512

    1ca404c1dd1c031415b28dfeb1823ca730182aab907b942082e136f1ecb57c8e77489cf96abcf08199e5dff925181e930cb9b3555bb9ee11c58c0c38f7961f02