Analysis

  • max time kernel
    150s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 01:56

General

  • Target

    552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe

  • Size

    156KB

  • MD5

    552f8aca4f90d8c541947094a0791c40

  • SHA1

    05a21e5141a4aed8f558241521831e54b05c9861

  • SHA256

    f16c5e2a6af2844e0d5104681625cb37e3a25ee88a990abf5e7f6f9a8f38be93

  • SHA512

    a4efe378c2a323d687fdb8cc04de7d69283bf556e0c4d22809e748b4bd6f908b5785215f1b217daae57a03bf85300cd04a92648826493dd7bc6fe485abae175b

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8pTmXadjUSbcDemTPAZk+cLtdNlb9NEV:6DWpwE7oL2e+efZwZ08i8p6W2QZwkS7u

Score
9/10

Malware Config

Signatures

  • Renames multiple (4843) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 3564

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
    Filesize

    156KB

    MD5

    3b82957b20894a6782edbcba96ba6030

    SHA1

    70dd8dfa241b1563207c550e4583643787ee1992

    SHA256

    4a3fb507ccd5999adbdbded617bd70dc4e8a9b513657366666a7b74c64d98e4e

    SHA512

    f876816191d7e839b7fe162fdf5f6321cc5842f42caddc51da68bf2b9860739bc3eaf36b30ab1ac60295a77dfe652d869d2510992baf6c4c5dd93d90161edbc0

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    255KB

    MD5

    68232ae7763355d49917f58622d5d7d1

    SHA1

    636401ce966a386d77b238014d753e0b5ad57ade

    SHA256

    cea9d9bfc99734d123b4f094223cc63c79e9d66ff3e2ccf30a5cf8649787c082

    SHA512

    5b23e021ae1d6eb5aac4c917c31ea36e3ce878416185f860a7692d31056bd6b1f5f8d8fee229457ae313ca8455540d7d25672ab3962ce36535bb80d29f03c940