Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 01:58

General

  • Target

    55605ac9c54d8bd0e85343c0f3492980_NeikiAnalytics.exe

  • Size

    176KB

  • MD5

    55605ac9c54d8bd0e85343c0f3492980

  • SHA1

    ebc2a1013321e44d1fe8030365b91b76406197b7

  • SHA256

    bf97ea75a73e8da24e0b2557f20721597c6351c29cb8c03e1bd5e917d69f831e

  • SHA512

    6674679373ea901febfd85a017205d1159fb44285aba8d65f22d1fed014e319163444782cfc7280e4261dcd26e764028c7ffec6b4b8de595ab7ffe67a7082fba

  • SSDEEP

    3072:fnyiQSohsUsWU9BK3wnbQ9XI29xujGh+OVYB+UlIFbcka:KiQSohsUsWU9BvQ9P4Gh+EYB+Ul2a

Score
9/10

Malware Config

Signatures

  • Renames multiple (4725) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\55605ac9c54d8bd0e85343c0f3492980_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\55605ac9c54d8bd0e85343c0f3492980_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4580

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    177KB

    MD5

    e9182178c5c20c7319b220748ae9abe0

    SHA1

    ca7aca7db4add161c5d9ee86276edee211b6e73a

    SHA256

    c30808937ffd59c4b8d1f1261bc3eb323d9fad80ffddbecc7cc2e57820dec7cd

    SHA512

    d9a769b5627bd80f1f4d5a6bfc64223d42b0375473f35390188acb7e05e49d64f3d934bf7950f0d5079ce2145a46e8faa53c2db449016ce26774ba2518ed290e

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    276KB

    MD5

    3dfd99b2a2d0fc5a1148376c631b5f99

    SHA1

    a8bdee620c23fd0a3d750ac43ce44ba1c96b467d

    SHA256

    d712224abe30b6c346f36a96e1e0e37dca174555960a9de7f4c11d3233789dd2

    SHA512

    a0eef92ac4a771b376c15f51aef36ae281e7230658da24d81d3b30899f28891e672fbea6a7123d3197fd72fc4ae83882cda79ff2e138d9ca89155f346b5d0eb6

  • memory/4580-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/4580-1758-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB