Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 01:24

General

  • Target

    536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe

  • Size

    76KB

  • MD5

    536a7a0cf7a3dac02da94c0fa84c8440

  • SHA1

    f5d11cad948a9048c65db3d1feaf809b38b06ddd

  • SHA256

    20035df99ab2532e7887ccc5caf2f894d4bd28cff03569ed951e3b2756f5ae2f

  • SHA512

    cd9a6ee837a879e128db6fd47d0f6a98e107f7bfa569d279740f19d79c65b3d4fb07beddddfb71e266a6ece4553f40e624ce3db518d5db1a37aff144b5b98cdd

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHP:W7ZDpApYbWjIlE77ufL2e+efZwZ2J

Score
9/10

Malware Config

Signatures

  • Renames multiple (3702) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2152

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
    Filesize

    77KB

    MD5

    f788f6d6c3858a6f0bec822d3d5823f8

    SHA1

    667d018bb6612995b1f4e92d68b013554a2eb7b6

    SHA256

    6d95e1e60b554685bc365f9f44d59ee18c5275e70c64cd4c1530f055ee823099

    SHA512

    cb1862f41d537442ace5eb678abdc5556595386b6f5425eb2dc1ed3289d3c8d31a55203aa20be8957a2d17d7c84231ad53c93010d0c69164cf88a19829f71e28

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    86KB

    MD5

    12fd413738fe77e6ffab4c53871c61c5

    SHA1

    b54468a090fca98a7c0c6acc2a213263c515e70b

    SHA256

    d0e58ccede82a9875f3b4d1a609f87004686f0c69ba046c6276e642552ab39a8

    SHA512

    41fbadbe7cac90e0984bf2556f5452a08e42f488979d9da6f724dc608f66e618b8f0b4daf64ddca7f0d721d9900e5834a425b258670da218a685ef1101984240