Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 03:36

General

  • Target

    5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe

  • Size

    51KB

  • MD5

    5b46556c40cec6090ddf4563a7598420

  • SHA1

    319927c223985beb5ccad89d13d01e568ee5a4e3

  • SHA256

    ef1595504d485742ecc8328e11a1dfa2af463f90592deee04a82b4706d5c6fc4

  • SHA512

    dec1ed43d5a0c10c20c1b9e4c3284e1a90e37750e0d0ce12bcc8a2002df0561714befc92bf987cfee5f1fd4d69f7ca14dbf970a317e95d735bbe35101400c6d1

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQa:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8RYn

Score
9/10

Malware Config

Signatures

  • Renames multiple (3781) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2180

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
    Filesize

    51KB

    MD5

    fbabf099e9f86bf9f6dfa85e8a913544

    SHA1

    038bc9d5ba56e4a731964d2f30bf646e09cc3095

    SHA256

    319526e2ab81e6533ba70bdbeadab31152e3e664b7b2e041547a2e22eac98488

    SHA512

    3cbdf33699bff2575c2dc5ded857b146b61304771d29aea025280160fbd710ad24eb946ebe04b4df8aa750bd40ae1a165e18fc174243b98c9f58e56cb81d578c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    60KB

    MD5

    6544acaf9e3c28365d5dfeed47e2a506

    SHA1

    b9835aa1c6548890fc5d41d2faecfd045dcc75d8

    SHA256

    38d1c238a7aec60c5cbb5b216ddd57971a2e40e592274856845c7d4affa41f04

    SHA512

    65874f61d5ab04a33090903773eed43f61f9b52f1807291d789b0e885c34288865c92f932c36266911cce4f7d330457ff8e24f1a24c2f5660ddbd74756b8cf50

  • memory/2180-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/2180-86-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB