Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 02:07

General

  • Target

    5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    5608b0d2113fe3155249ffc8668da380

  • SHA1

    3baa2eeda4566b94a251704a949a6b0aa11c0fd0

  • SHA256

    855b2ada293e96d0690b4b71010804a633985b0618c94ba98f39520470963f09

  • SHA512

    93e1d395b27083de9f1945e6cab80dac084925599d0511fb42f81a4ba06f1d33cb778c845b0f33c4bd8b18e46bb14308d7bde8cc2742839fa131c74548c3392b

  • SSDEEP

    768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXcLZ:a7ZyqaFAlsr1++PJHJXFAIuZAIu7LZ

Score
9/10

Malware Config

Signatures

  • Renames multiple (5030) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe"
    PID: 1624
    Signatures: Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp
    Filesize

    73KB

    MD5

    0c2cf4d0e4954bbd9a2926dc1974f559

    SHA1

    8c27dc9aee3d73689883a20b53e426b843b66f4a

    SHA256

    e60670a9bb26d0f4a8aff5cb1eb7b71493af6d717d1814220064cfb0ea5f245c

    SHA512

    2b22354e29b50f5bc6c9294be0733879550dfc8f4204bc233760659da48053412353485cd45ae1edf460c908eafd01846cef9da4bbd981c60580675e4bf4f12e

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    172KB

    MD5

    27ae6b4dbd0335a726c7c98238a0087c

    SHA1

    2f825c833aafeac6cce69832f362396c5eb8372b

    SHA256

    16287269da190ea03d0efc113b0191d782a29dd80057cbad9bdb0cfeca216cb5

    SHA512

    1ff3f5fd075ded98f5ac64f81a588bf99053c81a604ff661f4327a4d44a5fc4bb16001dbf42469141c4bd40659c87674fdd57690e6fd1aeec8f5efc1a29d7e86

  • memory/1624-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/1624-1824-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB