Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 03:36

General

  • Target

    5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe

  • Size

    51KB

  • MD5

    5b46556c40cec6090ddf4563a7598420

  • SHA1

    319927c223985beb5ccad89d13d01e568ee5a4e3

  • SHA256

    ef1595504d485742ecc8328e11a1dfa2af463f90592deee04a82b4706d5c6fc4

  • SHA512

    dec1ed43d5a0c10c20c1b9e4c3284e1a90e37750e0d0ce12bcc8a2002df0561714befc92bf987cfee5f1fd4d69f7ca14dbf970a317e95d735bbe35101400c6d1

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQa:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8RYn

Score
9/10

Malware Config

Signatures

  • Renames multiple (5354) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 4384

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
    Filesize

    51KB

    MD5

    57f210c7e2bd22680531b2de689fcbb0

    SHA1

    3ad89e7b6834c02f219c156ae387dabd0ad0ea3d

    SHA256

    62199a461fc192060369df5cd29f74628da73962f27b9e18a04445359576c4c4

    SHA512

    3fe371f3687d7ab9625f87b3c21dab8394eeb75d23afc127d3d1e50ac7ccaa09542699c6c7afa3c38d55a081523f10ec2e4a275bfe28dd53e442b24bf7b0fd44

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    150KB

    MD5

    26558719703ee27d95503c59da0fb9bc

    SHA1

    38267df61f0eaff2b0b3d7d656ead2831b2e7160

    SHA256

    b79a0ac6e50dda2234a301f22d35605d6c44386161ea6719bc883aa7f1806d74

    SHA512

    89ee75ff0678c4956ca1cef1d97d506510b2af0bc6ff73aaa899364e8e6316da0cc1830d093c0b8d8a86323a33e295228b7da1b0a65fb54c5e59a48b7b82eeb1

  • memory/4384-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/4384-1216-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB