Analysis

  • max time kernel: 150s
  • max time network: 152s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 13-06-2024 01:25

General

  • Target: 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
  • Size: 46KB
  • MD5: 537e9ca6341e87422a0eb9089e722020
  • SHA1: 32f1114da28eac9bd2512c2c15131f830820fda6
  • SHA256: 0d63bc138e60a23b18fb94e8d2cbc14b3c4b3a9663d9620fbd7131be56431157
  • SHA512: cead37c84767e2635fd9e6a6683ea42ed42d017629393621e8d4bd99cc6e950ebfd615c2db7790c810bb84a9f80348d1194db2306aa24179f097e950bab07c79
  • SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz4:CTWn1++PJHJXA/OsIZfzc3/Q8zxC

Score
9/10

Malware Config

Signatures

  • Renames multiple (4994) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe"
    PID: 2640
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
    Filesize: 46KB
    MD5: fd5b9f0ff581be6192b13b42bf563270
    SHA1: d7f1af1064d35931588213e1f76ec821d357ec19
    SHA256: 960a39d7f20bc94200da164558330e6f02843075a27dd4773bfba08b07a1b765
    SHA512: ab21a4f5a84698dd8ed16e47ba4f63edf3f256ec279c2d592e70b04eb059ea3b0af587a7bd65dabafe006ddb6f53ac5af278f4d1473bb238ed7aa5badf244cba

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 145KB
    MD5: a48b16497282f13b7503f18d8460f125
    SHA1: 474a7e03c9af833e9d966be6b83a2677e6c1657b
    SHA256: a66b73ae687fa5064a45107568d6aab65cf198400eb2d132e26eb707e47c7726
    SHA512: 59765772a335eeeb823a3b0bf2b6a5c7eb1270809db921a045e0b7dd3497646c6a9ad5386eccd6dea0efa391496466205b9b4bd27c8a716455d065956b52b60e

  • memory/2640-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/2640-1010-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB