Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 02:47

General

  • Target

    5851bd9b514eeaadd9a1e508e0258560_NeikiAnalytics.exe

  • Size

    62KB

  • MD5

    5851bd9b514eeaadd9a1e508e0258560

  • SHA1

    f9b7d6567b294b44455bbd261458fe348699a028

  • SHA256

    5c1cc6fc519c7317517be61cb94170c15e3fe43e8eb966388be800f1d982c847

  • SHA512

    75e2adef1a3730e640a034bcf0d061b0d5feb5b87cf2cd934df4071af7b1c420a0ddd10c6f42dd59a8506f00e1053aa4a7e145a5b9c1e982cce696f2bf18b143

  • SSDEEP

    768:W7BlphA7pARFbhvOsTKnKqtSpFCpF0YSiJgUpFpgFi101tlktRN8kgXZOXcvlkt1:W7ZhA7pApvOsOKjC0YSilpFpfkJOMA

Score
9/10

Malware Config

Signatures

  • Renames multiple (3712) files with an added filename extension

    Renaming thousands of files in one run and appending a new extension to each is consistent with ransomware encrypting files across the system.

  • Drops file in Program Files directory 64 IoCs
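
The mass-rename signature above is the report's main ransomware indicator. As an added example (not the sandbox vendor's detection logic and not code from the sample), the Python below scores a list of file-rename events the way that signature does: it flags a burst of renames that append one new extension, and separately reports which protected roots the writes landed in. The rename events are constructed for this example, modelled on the dropped-file paths listed in the report; the threshold of 3 and the list of system roots are assumptions chosen for illustration.

```python
"""Mass-rename heuristic modelled on the sandbox signature above.

Added example, not part of the original report. Input events are constructed
(old_path, new_path) rename pairs; the report's real log is not reproduced here.
"""
import ntpath  # handles Windows paths correctly on any host OS
from collections import Counter

# Constructed rename events, modelled on the report's dropped-file paths plus
# two benign renames for contrast. Not taken from the sandbox's raw event log.
SAMPLE_EVENTS = [
    (r"C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp"),
    (r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
     r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    (r"C:\Program Files\Common Files\readme.txt",
     r"C:\Program Files\Common Files\readme.txt.tmp"),
    (r"C:\Users\Admin\Documents\report.docx",
     r"C:\Users\Admin\Documents\report.docx.tmp"),
    # benign: extension replaced rather than appended
    (r"C:\Users\Admin\Downloads\setup.part", r"C:\Users\Admin\Downloads\setup.exe"),
    # benign: moved to another directory, name unchanged
    (r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\old\notes.txt"),
]

# Assumed list of roots a normal user-mode program should not be rewriting.
SYSTEM_ROOTS = ("c:\\program files", "c:\\msocache", "c:\\$recycle.bin")


def added_extension(old_path, new_path):
    """Return the appended extension (e.g. '.tmp') when new_path is old_path
    plus exactly one extra extension in the same directory, else None."""
    if ntpath.dirname(old_path).lower() != ntpath.dirname(new_path).lower():
        return None  # a move, not an in-place rename
    old_name = ntpath.basename(old_path)
    new_name = ntpath.basename(new_path)
    if not new_name.startswith(old_name):
        return None  # extension replaced or name changed outright
    suffix = new_name[len(old_name):]
    if suffix.startswith(".") and len(suffix) > 1 and "." not in suffix[1:]:
        return suffix
    return None


def mass_rename_score(events, threshold=3):
    """Tally appended extensions across rename events.

    Returns (hit, extension, count) for the most common appended extension;
    hit is True when count reaches the (assumed) threshold."""
    counts = Counter()
    for old, new in events:
        ext = added_extension(old, new)
        if ext:
            counts[ext.lower()] += 1
    if not counts:
        return False, None, 0
    ext, n = counts.most_common(1)[0]
    return n >= threshold, ext, n


def touched_system_roots(events):
    """Return the set of assumed protected roots that received a renamed file."""
    roots = set()
    for _, new in events:
        p = new.lower()
        for root in SYSTEM_ROOTS:
            if p.startswith(root):
                roots.add(root)
    return roots


if __name__ == "__main__":
    hit, ext, n = mass_rename_score(SAMPLE_EVENTS)
    print(f"mass rename: hit={hit} extension={ext} count={n}")
    print("protected roots written:", sorted(touched_system_roots(SAMPLE_EVENTS)))
```

In a real deployment the events would come from Sysmon (Event ID 11 file creates paired with the original path) or an EDR file-rename feed, and the threshold would be tuned per host; the 3712-file count in this report is far above any sensible threshold, which is why the sandbox scores it as ransomware.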

Processes

  • C:\Users\Admin\AppData\Local\Temp\5851bd9b514eeaadd9a1e508e0258560_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5851bd9b514eeaadd9a1e508e0258560_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2080

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
    Filesize

    63KB

    MD5

    83a51c1e8e6df59c62c2a450c056d5f1

    SHA1

    4bc1745561ba94a080c6dc351b020610f68e087b

    SHA256

    63f092952d3ced89a96ce62ca4e1cd6a8f88e56edc854078a2cc8e07c20aaea7

    SHA512

    79c5cf8eb5e2dd96f767a803ff4bcbdf826b9cca960dc605b747a5383321a07d8552f6375f44744107c7cc38bc31bd2fbe3941ce2fb3f0a962369c0968c00aca

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    72KB

    MD5

    c552e7e91029710c4a47160145372b26

    SHA1

    850c6cdb01b6bea815c5b0fea235342029293915

    SHA256

    7f932c5f3247ac1662aaba12c7b7cc4b69cdb646c4d9b3f3ade0fb93be9cb968

    SHA512

    a83413bee66d62cb1cbb6bdea44c574f3cebfb3e0103dfdf21081c91abb04b72135f9c33c52cd787a0b17a8f9f0287d6293486efcf1fe3b91979612c7121616e