Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 01:55

General

  • Target

    551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe

  • Size

    360KB

  • MD5

    551fcadaa9998c365de1331dc7df11a0

  • SHA1

    5172a064a1773cd17fc5168e9c1ad4b017984f48

  • SHA256

    59377316bfe639e8d7505aaa2e8a9b13b753df2d3de2eb84acb6d0767ef640e1

  • SHA512

    026543ace51216a8d11803807b6ea7657baf7035d0c2b0ef3d86ba11ba52ce601293c1377a16c641f9ec987ba04d0f989f120e3c54ead14d5886d47eae168f55

  • SSDEEP

    6144:KiQSo1EZGtKgZGtK/CAIuZAIuMQSo1EZGtKgZGtK/CAIuZAIuj2x2a:VQtyZGtKgZGtK/CAIuZAIuMQtyZGtKg1

Score
9/10

Signatures

  • Renames multiple (2560) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe"
    PID: 2912
    • Drops file in Program Files directory

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
    Filesize

    360KB

    MD5

    1638e8f0b6db43c8ded31affa734f9fd

    SHA1

    07bc9534ff8712c9e97f2ed597c5dbadf5c793ae

    SHA256

    5016e9552f5f6f04e237abfb98aa64803ff48abfafc5c8b18dabd874c9bef850

    SHA512

    f6a38c5f2eb9c32d8b4fc120ffb52b63a56d0f3786772e23abd75ad7995a18a39af72d7b3509ca013fcb1b3900a39500feb6cbd1dcad9d9e189752b8e4f147cf

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    369KB

    MD5

    4b5e15b9aa5b76b6b762c0918f044964

    SHA1

    35d0c735da10437cada96b9f6ded737d42f3a857

    SHA256

    4c497645156ff8cfd936d0b8433ea1f098a8f97d1582fd920f4925fc2ef10a68

    SHA512

    68939ff5e02217307eca3fcbd89f561ce8b94476c8d15b479b48fc889870cfd5420d5677bdfaf48bd63bca3a484bb45a55dae9f84626bc2bdfd8c517f361329a

  • memory/2912-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/2912-250-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB