Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 01:29

General

  • Target

    53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    53aec8dd5de82c1c2da6942706e5ea60

  • SHA1

    d7f7714a09d28dec3ed7c149fbeea979148bea39

  • SHA256

    50ca0a9f93c1f8cd2af7e7f375b9cffd56f210c81d0d95149fd610242fa2932d

  • SHA512

    83f26688616ab0bcd8e152acd00c1d3c705b8713aa62af2d4695d80547bb1cb3cec37fa6d27f98b5b73af3773b3150c4368ede13340a0e7a1f37ce49cd3aa003

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hH5:W7ZDpApYbWjIlE77ufL2e+efZwZ2qhS

Score
9/10

Malware Config

Signatures

  • Renames multiple (850) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an extra extension appended to the original name.

  • Drops file in Program Files directory (64 IoCs)
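The two signatures above are behavioural heuristics over the sandbox's file-system events. The following is an added example (not code from the report or from the sandbox vendor) showing how such a heuristic can be reproduced offline over a list of rename events: it counts renames where the new name is the old name plus one appended extension, flags the batch once a threshold is reached, and separately counts files landing under Program Files. The event list, the `.locked` extension and the default threshold of 5 are constructed assumptions for illustration; the report itself gives no extension name, only the count of 850.

```python
import ntpath
from collections import Counter

# Constructed rename events (old_path, new_path); illustrative only, not taken
# from the sandbox run described above.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    (r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    (r"C:\Program Files\App\config.ini", r"C:\Program Files\App\config.ini.locked"),
    (r"C:\Users\Admin\Music\song.mp3", r"C:\Users\Admin\Music\song.mp3.locked"),
    # Benign renames that must not count as "added extension":
    (r"C:\Users\Admin\Documents\draft.docx", r"C:\Users\Admin\Documents\draft_final.docx"),
    (r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe"),
]


def added_extension(old_path, new_path):
    """Return the extension appended to `old_path` to produce `new_path`
    (e.g. '.locked'), or None if the rename is not of that shape.
    The rename must stay in the same directory and the new name must be the
    old name plus exactly one '.ext' suffix. ntpath is used so Windows
    paths are split correctly on any host OS."""
    if ntpath.dirname(old_path).lower() != ntpath.dirname(new_path).lower():
        return None
    old_name = ntpath.basename(old_path)
    new_name = ntpath.basename(new_path)
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    suffix = new_name[len(old_name):]
    # Accept exactly one dot with at least one character after it.
    if suffix.count(".") != 1 or len(suffix) < 2:
        return None
    return suffix.lower()


def score_renames(events, threshold=5):
    """Count renames that only add an extension and flag the batch once the
    count reaches `threshold`. Assumption: 5 is an illustrative default;
    the sandbox signature fired on 850 such renames."""
    per_ext = Counter()
    for old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is not None:
            per_ext[ext] += 1
    total = sum(per_ext.values())
    return {
        "renamed_with_added_extension": total,
        "extensions": dict(per_ext),
        "suspicious": total >= threshold,
    }


def program_files_drops(events):
    """Second signature from the report: count events whose destination
    path lands under Program Files (either architecture directory)."""
    prefixes = ("c:\\program files\\", "c:\\program files (x86)\\")
    return sum(1 for _, new_path in events if new_path.lower().startswith(prefixes))


if __name__ == "__main__":
    print(score_renames(SAMPLE_EVENTS))
    print("Program Files drops:", program_files_drops(SAMPLE_EVENTS))
```

When applying this to real sandbox output, note that installers and Office also stage writes as `name.ext.tmp` before renaming them into place (the `.tmp` files listed under Downloads below are of that shape), so a per-extension breakdown and a high threshold matter more than the raw count when deciding whether a batch is ransomware-like.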

Processes

  • C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1884

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
    Filesize

    79KB

    MD5

    777d3a0f54e6bf88ebd92cba76b029d5

    SHA1

    9d882baae39624ee8f069be32c84caa1fe29dcc6

    SHA256

    501be69e7c170e741edf0ed4a99d3baed5351d7a86b5f83f4f408666d5e1a4b6

    SHA512

    bd2b2264f970c5ee7b9254b2f9b9c0b77935c04db5b868486cb49ba293356faecfe53dd81d97e3ffc9a468623c782f3dc54bc660378a11831627be67734ac53d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    88KB

    MD5

    95976e7bdb49b83562d85bea7303ac4b

    SHA1

    34dad7db95ef64628c996b820c8835253e90e956

    SHA256

    824de559b641d1ec8d9e311b1e690e2bbc386c7dd6c10631a8e5acbd23b35c2f

    SHA512

    2e2980cbf27312eb73303ac2d8f05b0f87ec8d21239c359f0902e614f056f476332721c3bb57853a997764958ab3068a3f4d0ba8ef00a3ce222f1e10f97fbac5