Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 01:58

General

  • Target

    556d3fb93331554e05e54cd31b1a8740_NeikiAnalytics.exe

  • Size

    90KB

  • MD5

    556d3fb93331554e05e54cd31b1a8740

  • SHA1

    70118a54abcb3ccd84f59efe146beaccc8d6ba68

  • SHA256

    d42a8257e09a659d62f204e874170c8410004166742b5b993df49e57690cc33b

  • SHA512

    335340a808c468392cd9d94db4491ba2dd280b0091045cd9e81f234b96f1fd0e74286b87faa361e3eafca49367e651f7c1adf43bc78a48527c01f96ef4dcd6b1

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8OyYsR6Xwu3QpmQphQpLQpzQpoPjp3t:fnyiQSonyYsRUb3Q8QvQ1Q5QWbdt

Score
9/10

Malware Config

Signatures

  • Renames multiple (3453) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and appends an extension to each renamed file.

  • UPX packed file 4 IoCs

    Detects executables packed with the UPX open-source packer or a modified UPX variant.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\556d3fb93331554e05e54cd31b1a8740_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\556d3fb93331554e05e54cd31b1a8740_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1312

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
    Filesize

    90KB

    MD5

    07173e6a5a648bc051238671687d9f13

    SHA1

    f9224b462c3fcdaa0697f44066879a750792517d

    SHA256

    198c71e9920ce057a367bc9f616788664ee20da97c413cbfed77d30172112be7

    SHA512

    852efbc4f53368a0d59695a434285a84a28dd637b6c8d5f9e5153abfcb40cc85f7bb012570cfbbbdcf0a8128b2c74b90224abbd6b2c24bd9f0b0b0b20fb91033

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    99KB

    MD5

    83cba69e48b1e2d3d81eb43fa72ed88d

    SHA1

    897bbd5085019a49a5db8bc760ed69833350f1bb

    SHA256

    64165ba7c4596a92051dc70f14940c932167150624c9a04a20967e5dd6b09d22

    SHA512

    9793ffd6776d29ba5016bf1cc450c4ee439d910b762ebef3973e26ba0646003ab63de06e82486834b6c43877a57bb7ecdf6a2c2cce12a3692c31bcacc08ab5ba

  • memory/1312-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/1312-650-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB