Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 02:42

General

  • Target

    57f5f5c38b72e578815f8751bebcaa60_NeikiAnalytics.exe

  • Size

    94KB

  • MD5

    57f5f5c38b72e578815f8751bebcaa60

  • SHA1

    8544184ca5f4cad24cefe27ac27b4076336be98e

  • SHA256

    c0b5a68df44c79613867aac686bf16035ae62eb4d11043b6f2d4f8949bb8be14

  • SHA512

    6479021c9be843748844198f543cb4564577893e0328e9583be23cfca6118336e8ccfcbe733b1d5d1642aab39bde04aec4395323ca1d9a0bc65b7eb957747aec

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2I1BaM0uV8TNo:fnyiQSohsUsWU9BK3X7L

Score
9/10

Malware Config

Signatures

  • Renames multiple (3525) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten and renamed with an extra extension appended to the original name (the dropped files below show the pattern, e.g. desktop.ini -> desktop.ini.tmp).

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
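
The first signature in the list above is a counting heuristic: one process renaming thousands of files by appending an extension to the original name. The following is an added example that re-implements that heuristic over a constructed event log; it is not the sandbox's own rule code. The event shape (pid, operation, source path, destination path), the threshold of 50, and the sample events are all assumptions, except that the two paths taken from the report's dropped-file list are real.

```python
"""Offline re-implementation of a 'renames multiple files with added filename
extension' heuristic.  Added example, not the sandbox's own signature code.
Event format (pid, op, src, dst), the threshold and the sample events are
assumptions constructed for this example."""
from collections import Counter
from typing import Optional

RENAME_THRESHOLD = 50  # assumption: the real sandbox threshold is not published


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension appended to `src` to produce `dst`, else None.

    Mirrors the pattern visible in the report (desktop.ini -> desktop.ini.tmp):
    the whole original path survives as a prefix and exactly one '.ext' is
    added.  Plain renames (a.txt -> b.txt) and moves do not match.
    """
    s, d = src.lower(), dst.lower()
    if not d.startswith(s + "."):
        return None
    ext = d[len(s) + 1:]
    if not ext or "." in ext or "\\" in ext or "/" in ext:
        return None
    return ext


def rename_counts(events) -> Counter:
    """Count appended-extension renames per (pid, extension)."""
    counts = Counter()
    for pid, op, src, dst in events:
        if op == "rename":
            ext = added_extension(src, dst)
            if ext is not None:
                counts[(pid, ext)] += 1
    return counts


def mass_rename_alerts(events, threshold=RENAME_THRESHOLD):
    """Return sorted [(pid, ext, count)] for processes at or above threshold."""
    return sorted((pid, ext, n)
                  for (pid, ext), n in rename_counts(events).items()
                  if n >= threshold)


def build_sample_events():
    """Constructed event log: PID 2380 appends .tmp to many user files; a
    second process does benign renames (including a log rotation, which
    matches the pattern once and shows why the threshold matters)."""
    pid = 2380
    events = [(pid, "rename",
               f"C:\\Users\\Admin\\Documents\\report{i}.docx",
               f"C:\\Users\\Admin\\Documents\\report{i}.docx.tmp")
              for i in range(60)]
    # path taken from the report's dropped-file list
    rb = "C:\\$Recycle.Bin\\S-1-5-21-268080393-3149932598-1824759070-1000\\desktop.ini"
    events.append((pid, "rename", rb, rb + ".tmp"))
    events.append((1234, "rename", "C:\\Users\\Admin\\a.txt", "C:\\Users\\Admin\\b.txt"))
    events.append((1234, "rename", "C:\\temp\\x.log", "C:\\temp\\x.log.1"))
    events.append((1234, "write", "C:\\temp\\x.log", ""))  # non-rename, ignored
    return events


if __name__ == "__main__":
    for pid, ext, n in mass_rename_alerts(build_sample_events()):
        print(f"pid {pid} appended .{ext} to {n} files")
```

Counting per process and per extension is what keeps the rule usable: a backup tool or log rotation appends an extension to a few files, ransomware does it to thousands, and the report's figure of 3525 is far above any reasonable threshold. The heuristic deliberately does not look at file contents, so it fires on "rename then overwrite" families and on families that write a new file and delete the original only if their rename step is visible.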

Processes

  • C:\Users\Admin\AppData\Local\Temp\57f5f5c38b72e578815f8751bebcaa60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\57f5f5c38b72e578815f8751bebcaa60_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2380

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
    Filesize

    95KB

    MD5

    f49813106146d40fd06f8e54f3f5dc8a

    SHA1

    9ada62429ea9655f9a31a824e2a55054615a740a

    SHA256

    07e051be44be663390ad8ecacdec4211e3911db29486fe993dc33c5a0a3d4dc5

    SHA512

    f926e92c34a514f1bd5f15eb2ad522893cf38508f372480d017fc6824fdd1389402b860c07431598bdac10cadea1a3b12b842e61928ad651d9221648c59cb556

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    104KB

    MD5

    86b7c98313db6e161ea518aece7213ab

    SHA1

    e7063be89e969f70c0f10eb5e86f6f86353ff160

    SHA256

    d7c2947930aecaff035ea9fca42d760aae2bcfaaf1056bbfdcc0db972460cb2b

    SHA512

    5f2c37c829967788cb777d381adcee4933e6ed7797353a8f268d4b91d6c0403c849ce2a33b45717cf81b4f8aafc63759d37b6a78cc54dd9b9221ad416755ca7b

  • memory/2380-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/2380-660-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB