Analysis

  • max time kernel: 150s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 13-06-2024 01:56

General

  • Target: 552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe
  • Size: 156KB
  • MD5: 552f8aca4f90d8c541947094a0791c40
  • SHA1: 05a21e5141a4aed8f558241521831e54b05c9861
  • SHA256: f16c5e2a6af2844e0d5104681625cb37e3a25ee88a990abf5e7f6f9a8f38be93
  • SHA512: a4efe378c2a323d687fdb8cc04de7d69283bf556e0c4d22809e748b4bd6f908b5785215f1b217daae57a03bf85300cd04a92648826493dd7bc6fe485abae175b
  • SSDEEP: 1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8pTmXadjUSbcDemTPAZk+cLtdNlb9NEV:6DWpwE7oL2e+efZwZ08i8p6W2QZwkS7u

Score: 9/10

Malware Config

Signatures

  • Renames multiple (3088) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe"
    PID: 2524
    Signatures: Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
    Filesize: 156KB
    MD5: 1e49671d5672205244c96560b29b6fd9
    SHA1: 72af74522bf9c34a5cc5d01e7b8d9bbfa5bdc06d
    SHA256: b0c57caa5ccdf3b9df3bc8789382e7c3405108d8fca324ca8e6e55921b0a23bb
    SHA512: fdb2e29b2e7eeaa125be0866ea3c8262736f55dc5b46817ff224126df323eb5c4a916a00fd26439d24f26a648201a1ff6d5b200a7c2ab6b998caaaab6aacdd54

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 165KB
    MD5: ec1b096187ceee5d23c796770fd61953
    SHA1: d125db92fda5ab6f5667ece66c34a6b43b904522
    SHA256: 055a5b0dd222bcb8e1de7da80341ad8567ff7b15f9980a55fc24211c258faced
    SHA512: 72af31c5bde674ed4831a87369621b53db9338832c276f0150070034805f5caa527c806ec3d39de5757b93e06a118a84d88c0fc9bdbb3ddf436fb9c95ce7f58f