Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 01:29

General

  • Target

    53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    53aec8dd5de82c1c2da6942706e5ea60

  • SHA1

    d7f7714a09d28dec3ed7c149fbeea979148bea39

  • SHA256

    50ca0a9f93c1f8cd2af7e7f375b9cffd56f210c81d0d95149fd610242fa2932d

  • SHA512

    83f26688616ab0bcd8e152acd00c1d3c705b8713aa62af2d4695d80547bb1cb3cec37fa6d27f98b5b73af3773b3150c4368ede13340a0e7a1f37ce49cd3aa003

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hH5:W7ZDpApYbWjIlE77ufL2e+efZwZ2qhS

Score
9/10

Signatures

  • Renames multiple (5032) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4052
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4132,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:8
    PID:3448

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp
      Filesize

      79KB

      MD5

      7ea722b8979594dcd8f96a69155ba994

      SHA1

      650ddae805fadd0249bb653455aa668d2cb4d263

      SHA256

      a09b49640b3d27aa5bc2d44be33af9612eca1d2e614f63c2b231b2d2d4d54ca8

      SHA512

      0172f74537cceba44e56986f47e7f9a5a6e082572d8241578db15cf4156e83a7342251e90e846a529b4c25bc537ec8d48650eb38fc2f331ac9db2f4253501f68

    • C:\Program Files\7-Zip\7-zip.chm.tmp
      Filesize

      191KB

      MD5

      02c6e65282a22da3842e1c35be8bd8a3

      SHA1

      bc0a577ae7b110dfc9ad689c7350e7bba96c305b

      SHA256

      437648cb8590752c6656eb21caab74fb850c66a2534f09e65bac15c026cee240

      SHA512

      6fb3708c9d01ad208051ad78c698c9179679f1ba8bba8d5e60ccf406eb61d4f17009daba685224e346fff4869fef0bca254d577fc69e09ab8ac448ff3182f2e2