Analysis

  • max time kernel: 150s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 13-06-2024 01:25

General

  • Target: 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
  • Size: 46KB
  • MD5: 537e9ca6341e87422a0eb9089e722020
  • SHA1: 32f1114da28eac9bd2512c2c15131f830820fda6
  • SHA256: 0d63bc138e60a23b18fb94e8d2cbc14b3c4b3a9663d9620fbd7131be56431157
  • SHA512: cead37c84767e2635fd9e6a6683ea42ed42d017629393621e8d4bd99cc6e950ebfd615c2db7790c810bb84a9f80348d1194db2306aa24179f097e950bab07c79
  • SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz4:CTWn1++PJHJXA/OsIZfzc3/Q8zxC

Score: 9/10

Malware Config

Signatures

  • Renames multiple (3737) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
  • UPX packed file (4 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe"
    PID: 2200
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
    Filesize: 46KB
    MD5: 31467de1596e9f74c24c0e0bccb59ee9
    SHA1: b1898960b65bfe7467cf9a890c17cebb4bc9a4ad
    SHA256: c1f8e8ee011088e52199505047566e068449a5096198ef6ff4713b2d0a3efe62
    SHA512: 9d61f24c19f2af38c3c4cb7787ee0716bbbe550b375d31923bc1998ec1b21277a952e2730c67204803e983f8e8910cf5e21c2a3a7ff192f3ef60b8107c6e41cb

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 55KB
    MD5: 6d0db04f8c24e30589ff530d0b5bad69
    SHA1: 9bf3ce8e50bae315df27fff0ead4fdcd1d24f885
    SHA256: 3896174ba3a72c0518c44c8b8965949477e198bbff44fc6ec3ef5b973c83f7dc
    SHA512: 194e5d10a7979bf854bc7c6176f2de83d2f7c4809de8d6148289ca41fa09a2ada60c3a049421c5171b68ac21edaebe1f031e26216eac463e2569bc40fecc32ba

  • memory/2200-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/2200-80-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB