Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 02:09

General

  • Target

    5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    5622aaf012e3f8a7bf39f2d3c3c65f50

  • SHA1

    dc9f21ea80431e02d3c754e424c90f177e8a86ee

  • SHA256

    8178ddb796f0b70c69fc7867889eefddbe641ac3536c18b4ad3efd11efa83d7a

  • SHA512

    0e23667a77bf3fca08210556ba943e17720701fcc98495903a70abaea2b462b5073c75fdcd0ba90e458a622837923a37516810c565bec9a0ef1e134e815da8e3

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNjX:W7BlpppARFbhWJQi1X

Score
9/10

Signatures

  • Renames multiple (5246) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1224

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    46KB

    MD5

    532d6a764ab01e8b7595dc07c549e410

    SHA1

    5e59e8487e4d03de7086d7f46d49be6822686d6b

    SHA256

    3622186c98f59d45c27d179eab6e5d901f43455b221b118f0c40be6dd225dac3

    SHA512

    ed71a170514c7490b22f999db8e96b2d5a21b9e9ba9931f7cb649216511a2a6f2311d3bafa7006784055827213a2f9f3b4c58ba7c92bb3a41fc75d45a2410a7c

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    145KB

    MD5

    03cd5ddbb931961de0ce0c298918fa8e

    SHA1

    7055b548d8f309007de07c641ea3f1c70ff2614e

    SHA256

    acf0939a548e873273c7780a9c0227178d522692d980449d230c7357467c83c0

    SHA512

    b92f9a3680b658e5620269e5f42060e4bae85b72c00fe4c6191418005deaf6f73aef8ffc7bcc3d6470f9879e80ff26bcbc5bf536868abc51445bca31c25e27a4