Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 03:38

General

  • Target

    5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe

  • Size

    259KB

  • MD5

    5b5cdc537a5baaa53898305be0d62af0

  • SHA1

    2b367f92fac4ed486a331c494dfa7afbb6d68f79

  • SHA256

    85aa5c8e2d96976559ce0f962683c7ae649f615ca2c9e54808c0c9e94e670515

  • SHA512

    6cf2786474ee14e2247968258f20ad32721597aa7cff6b78a9f1c7e3964b55a1b7b16b4ef055ed39ae6677be4709eec98aa5eb6a8b880dcc8d59320156a00121

  • SSDEEP

    3072:fnymCAIuZAIuYSMjoqtMHfhflixitfAIuZAIuYSMjoqtMHfhflixik:KmCAIuZAIuDMVtM/jfAIuZAIuDMVtM/e

Score
9/10

Malware Config

Signatures

  • Renames multiple (3051) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2180

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
    Filesize

    259KB

    MD5

    25718e5944f770c8aec097f564f86612

    SHA1

    6f32c36b7b92e8696cb579174522e522028c57fe

    SHA256

    160d3fd9bd5b457cb3c6a056e433f9bfa0ca2d7299524b12aa84355887cde0d5

    SHA512

    bdc4eeb056f9822a43cc58486f084b669dc682e095e9e350e19dfc74c5ac72e3ce6145c3fb5ca992f6ae87c44e59f6104629b61c5529fc906e9d72f01f17ea26

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    268KB

    MD5

    92be9d639f18d8a88e943ac96063e21a

    SHA1

    40638dddc96340ebe5b9e3f6ddf0acddd4eb82f9

    SHA256

    b5258e01bee977002357c95dceec91693db98ad1fcf29839d0c8b1821a2cf01a

    SHA512

    cd32dd24b644cef2f9cef387becb4eb76804366c06c49f968acd3e228fd49e1395bbe3302265d39c22d2b08bf07b58829cc9d1af1876ab6862a490455b2ec405

  • memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/2180-488-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB