Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 02:07

General

  • Target

    5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    5608b0d2113fe3155249ffc8668da380

  • SHA1

    3baa2eeda4566b94a251704a949a6b0aa11c0fd0

  • SHA256

    855b2ada293e96d0690b4b71010804a633985b0618c94ba98f39520470963f09

  • SHA512

    93e1d395b27083de9f1945e6cab80dac084925599d0511fb42f81a4ba06f1d33cb778c845b0f33c4bd8b18e46bb14308d7bde8cc2742839fa131c74548c3392b

  • SSDEEP

    768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXcLZ:a7ZyqaFAlsr1++PJHJXFAIuZAIu7LZ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3439) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe"
    1
    • Drops file in Program Files directory
    PID:352

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp
    Filesize

    73KB

    MD5

    31475a21536a0b1bfe994800b3e2793e

    SHA1

    76e8a4817a1bbcd1eec22be744285d487d1254b6

    SHA256

    a98380c6791f1a2e6ee386a560e7dc0365b2053d6bc98f3be3674f2bd9778b8d

    SHA512

    1d86a01cb8a959d5bc6e1ec2dc25c3e0f7a4895d0e106ac7bbc51639a35ff455ecf6d0636b92ea453d3d0d4365a4c86476959c22a805b8361d674c66dedfa519

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    82KB

    MD5

    5f2389cb0c0fb7632ae8266689424775

    SHA1

    da8b1d24cc23ed65109b26cebfb894b32566d7b2

    SHA256

    4c42739ce3c6d920a3035e316bea418ba7ae1dfb43a3a097b4b172ccf55e4a32

    SHA512

    cd4d29ae28693785964e09b6600b9eb0a52f04a75754bda6d90118709a2849ac4f3ddddd4e02c3b9049067f786e766b9e2a78a2cffc313148d1ede6d56cda35d

  • memory/352-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/352-642-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB