Analysis

  • max time kernel
    149s
  • max time network
    58s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 01:58

General

  • Target

    556d3fb93331554e05e54cd31b1a8740_NeikiAnalytics.exe

  • Size

    90KB

  • MD5

    556d3fb93331554e05e54cd31b1a8740

  • SHA1

    70118a54abcb3ccd84f59efe146beaccc8d6ba68

  • SHA256

    d42a8257e09a659d62f204e874170c8410004166742b5b993df49e57690cc33b

  • SHA512

    335340a808c468392cd9d94db4491ba2dd280b0091045cd9e81f234b96f1fd0e74286b87faa361e3eafca49367e651f7c1adf43bc78a48527c01f96ef4dcd6b1

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8OyYsR6Xwu3QpmQphQpLQpzQpoPjp3t:fnyiQSonyYsRUb3Q8QvQ1Q5QWbdt

Score
9/10

Malware Config

Signatures

  • Renames multiple (5189) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\556d3fb93331554e05e54cd31b1a8740_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\556d3fb93331554e05e54cd31b1a8740_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 3580

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
    Filesize

    90KB

    MD5

    497c3ab4fcc98734ce947fbdcc8e0781

    SHA1

    8d2931458e5dd4d970096de3bc514047d0cfb3d9

    SHA256

    cb27638567cbd95738c051f7ef8f1006053ef969b441c8aaa4ae0f9299003e6e

    SHA512

    c6aeea584b4df81a86133f963d608cfb044d05b8fcc35f1b23206de4f68fa710bfd344c632e673bf0b779ce21fe44be520bf47b6bd00bca862cfbe80398ccea1

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    189KB

    MD5

    41484156fda99f1af582ce514dcd08bd

    SHA1

    2a072fe615b351fa33879e857432de0104578821

    SHA256

    41b4fae858c973e93c5941974a0b877d20dd77ed91671f8d5d23a8a7d9e10d03

    SHA512

    95a568574f0953afa7f4793cd50d3f517ff1bcde7181308f2764c94e48092e45de478ef893341f83bc4ebb9e5222e95bcd0f0a3c2477614dc31cfec71228a48e

  • memory/3580-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/3580-1908-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB