Analysis

  • max time kernel: 150s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 13-06-2024 02:42

General

  • Target: 57f5f5c38b72e578815f8751bebcaa60_NeikiAnalytics.exe
  • Size: 94KB
  • MD5: 57f5f5c38b72e578815f8751bebcaa60
  • SHA1: 8544184ca5f4cad24cefe27ac27b4076336be98e
  • SHA256: c0b5a68df44c79613867aac686bf16035ae62eb4d11043b6f2d4f8949bb8be14
  • SHA512: 6479021c9be843748844198f543cb4564577893e0328e9583be23cfca6118336e8ccfcbe733b1d5d1642aab39bde04aec4395323ca1d9a0bc65b7eb957747aec
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2I1BaM0uV8TNo:fnyiQSohsUsWU9BK3X7L

Score
9/10

Malware Config

Signatures

  • Renames multiple (4862) files with added filename extension

    This suggests ransomware activity: the sample encrypts all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\57f5f5c38b72e578815f8751bebcaa60_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\57f5f5c38b72e578815f8751bebcaa60_NeikiAnalytics.exe"
    PID: 112
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp
    Filesize: 95KB
    MD5: 1e3eecc7beaada70e2c5f7e2ad7d6254
    SHA1: 1fce8e629581b548b94692593a409f827e7f4894
    SHA256: 2df456ca1f5b8d20f65e8397261ec484accb7bdc2b69195e033793d30f58b55a
    SHA512: 2aa5a30d4e709a0a426f0c73a085d1508525dba221b437132604cb2c87caf15ba231001cb3a77e560891ed9b28a546061c3076b75650fb047307330bc30466b7

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 193KB
    MD5: d96807d7bf9ac09faf64dca8dc6883b9
    SHA1: c94d8c3dc85878718a418d4a4630fb37e73ceb8e
    SHA256: b35ec9449b4a2cf31eee4f63109b035398be93b5f30d33df15a99dba3a8c7f7e
    SHA512: 44105ff4e2b735c273fa590c696ee258dd350501354ac4efe9c2bdfc73c97b3f0e60118222ae061873cd09757393e7a916818733c81c1262be3e2d501b1215a3

  • memory/112-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/112-1786-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB