Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 02:24

General

  • Target

    56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe

  • Size

    50KB

  • MD5

    56ba96c9d8f6df11fffd460458fe8360

  • SHA1

    0300bddf18b314c93fe35d1c5c6e0c747e3d0b66

  • SHA256

    73a46ac2ac1c4486315c7afcb9cd134a7bbaba70cff7961225bafd2d6667fd0c

  • SHA512

    b8b5fba93402a0830593e053efe6793eb0305f6930f0e5e7f9475d3b77f5ac1f6b2ab57fb921cc6fbe09ab8aa4351165a82e43119fff14dc02cd30c00ab90a19

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFVC:CTWn1++PJHJXA/OsIZfzc3/Q8VCnXxX1

Score
9/10

Malware Config

Signatures

  • Renames multiple (5276) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 1928

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    50KB

    MD5

    714adb0eff3e7e6f6e0ef0e7d33c0ac4

    SHA1

    d3a909431bd196875e9b121242603e4b5c026a7f

    SHA256

    7f566af7cb7a395134d18e1bb6f9ca22019d9e9234f97ce2491dedfc4d4a323a

    SHA512

    b72be7f8dae4c03e730a0f177ebf46e1217da6fb3fc4366044ca5ed2de8c776640a32edd28319954a95eb51e59860a11e0aba9c9897186335aef7de12a5bc15f

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    149KB

    MD5

    2eae9d9ce2df9ea115d365948b4ba36e

    SHA1

    0bf7dc5827f5eb5cf4f9b56566cd0fa259c9c5c4

    SHA256

    7de808718829c57dc5bffde9e830d447f87c09172b4cd0af19fc3acc876b46dc

    SHA512

    13bf14fcf7d7efd74f9161dac32b158f7b4308d326b15807d9ccc94af1cb71c21c878df90d31d891b5b9bb5bbde77b66eb732758707ec8a961d1a912b0070f7b

  • memory/1928-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/1928-1200-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB