Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 02:09

General

  • Target

    5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    5622aaf012e3f8a7bf39f2d3c3c65f50

  • SHA1

    dc9f21ea80431e02d3c754e424c90f177e8a86ee

  • SHA256

    8178ddb796f0b70c69fc7867889eefddbe641ac3536c18b4ad3efd11efa83d7a

  • SHA512

    0e23667a77bf3fca08210556ba943e17720701fcc98495903a70abaea2b462b5073c75fdcd0ba90e458a622837923a37516810c565bec9a0ef1e134e815da8e3

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNjX:W7BlpppARFbhWJQi1X

Score
9/10

Malware Config

Signatures

  • Renames multiple (3777) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten and renamed with an appended extension, the pattern seen when files are encrypted in place.

  • Drops file in Program Files directory (64 IoCs)
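
The two signatures above are count-based heuristics over file operations. The following Python is an added example, not code from the sandbox or from this report, showing one way to implement them over file-event records: it flags a process that renames many files by appending an extension (original name and extension preserved) and separately counts its drops under Program Files. The events are constructed; only PID 2988 and the two renamed paths come from the report, while the threshold, the benign PIDs and the remaining paths are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed file-operation records in the shape (pid, op, src, dst); "create"
# events carry the new path in dst and None in src. PID 2988 and the first two
# rename targets mirror the report; the other PIDs and paths are illustrative.
SAMPLE_EVENTS = [
    (2988, "rename", r"C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini",
                     r"C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp"),
    (2988, "rename", r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
                     r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    (2988, "rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (2988, "rename", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (2988, "create", None, r"C:\Program Files\Common Files\readme.txt.tmp"),
    # Benign activity: an editor's atomic save and a user renaming a photo.
    (1412, "rename", r"C:\Users\Admin\Documents\~WRL0001.tmp", r"C:\Users\Admin\Documents\report.docx"),
    (1412, "create", None, r"C:\Users\Admin\AppData\Local\Temp\~DF1A2B.tmp"),
    (2076, "rename", r"C:\Users\Admin\Pictures\IMG_0001.jpg", r"C:\Users\Admin\Pictures\beach.jpg"),
]

# Hypothetical threshold; the sandbox's own cut-off is not stated in the report.
RENAME_THRESHOLD = 3


def is_extension_appended(src: str, dst: str) -> bool:
    """True when dst is src's full file name plus one more '.<ext>' in the same
    directory, i.e. the original name and extension survive and something was
    appended. A plain rename or a change of extension does not match."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    return (s.parent == d.parent
            and d.name.lower().startswith(s.name.lower() + ".")
            and len(d.name) > len(s.name) + 1)


def is_under_program_files(path: str) -> bool:
    """True for paths below <drive>:\\Program Files or <drive>:\\Program Files (x86)."""
    parts = PureWindowsPath(path).parts
    return len(parts) > 1 and parts[1].lower() in {"program files", "program files (x86)"}


def scan(events, threshold: int = RENAME_THRESHOLD) -> dict:
    """Aggregate per PID and return only PIDs whose appended-extension rename
    count meets the threshold, as
    {pid: {"renamed": n, "extensions": {...}, "program_files_drops": m}}."""
    stats = defaultdict(lambda: {"renamed": 0, "extensions": set(), "program_files_drops": 0})
    for pid, op, src, dst in events:
        if op == "rename" and is_extension_appended(src, dst):
            stats[pid]["renamed"] += 1
            stats[pid]["extensions"].add(PureWindowsPath(dst).suffix.lower())
        elif op == "create" and is_under_program_files(dst):
            stats[pid]["program_files_drops"] += 1
    return {pid: s for pid, s in stats.items() if s["renamed"] >= threshold}


if __name__ == "__main__":
    for pid, s in scan(SAMPLE_EVENTS).items():
        print(f"PID {pid}: renamed {s['renamed']} files with added extension "
              f"{sorted(s['extensions'])}, {s['program_files_drops']} drop(s) in Program Files")
```

In a real pipeline the records would come from the sandbox's file-operation log or from Sysmon/ETW file events. A `.tmp` suffix on its own is weak evidence, since installers and editors create temporary files constantly; the check therefore keys on the original file name surviving intact under the new name and on the per-process count, which is what separates mass in-place rewriting from ordinary saves.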

Processes

  • C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe"
    PID: 2988 (root of the process tree; no child processes recorded)
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
    Filesize

    46KB

    MD5

    daa0f96fb35588d954c140cd21ec0692

    SHA1

    360f39b2058c898d326de685e07acaa839ca27ff

    SHA256

    b17d714afc3622697d16f794e480dd777aeeb4a7f4efc37cb67e6bfe1f57652c

    SHA512

    0b50def3eaaf040eb3bad564c1f7ac081c6dcf11d70e4d79b230485408b9d0806f4d4ee39425b3f8b34e48fb9a1bcd76b566cb6cd2d7175f06bec47b92b87dac

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    55KB

    MD5

    ab9806296f930697d8f69b1d9f219547

    SHA1

    6082a73e43d7416bbbfb9f64a8235e84c4ef0fb5

    SHA256

    1431a3a9e842076fbbd0f1d0bf1719fecee2b0725cc2aa871dcc378d4836f1a5

    SHA512

    149e2566f9cb700cd9d65d30fa87f35ab1e5fdeee68323ed5fd6fb38f440892dcf9d1a6c598f0ae7f11e7c83a113797e12b01e408d363a6b9ef688a5f2a3efb4