Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 03:40

General

  • Target

    5b79255cafb57fbaa39f693271081670_NeikiAnalytics.exe

  • Size

    355KB

  • MD5

    5b79255cafb57fbaa39f693271081670

  • SHA1

    2e5f32d530874fd4245b6599f5f39b6e139ce982

  • SHA256

    6c639361353ef527f4ec67c9a83b628b43a982cb3b77201a646281688ed5bd7f

  • SHA512

    9dfed3ad787314afae7587d713442ddde5f7720db9a40afd1ca08454a66fd73e49cb01b3786d7ee4f1387902bf0215f21c146f15700019617b009921e79167e6

  • SSDEEP

    6144:KiQSo1EZGtKgZGtK/CAIuZAIuhQSo1EZGtKgZGtK/CAIuZAIu+:VQtyZGtKgZGtK/CAIuZAIuhQtyZGtKgf

Score
9/10

Malware Config

Signatures

  • Renames multiple (2853) files with added filename extension

    Renaming 2,853 files with an appended extension is the file-system footprint typical of ransomware encrypting files across the system. Confirm by diffing a renamed file against its original (size and content) before concluding the data was encrypted in place rather than overwritten or prepended with the payload.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
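The two behavioural signatures above (mass rename with an appended extension, and files dropped under Program Files) can be reproduced from raw sandbox file events with a small heuristic. The script below is an added example, not part of this report or of the sandbox's own detection engine. It runs over a constructed list of rename/write events in the shape a sandbox emits, counts renames that append exactly one extension, and separately flags dropped artifacts whose size is the sample size plus a small remainder (the report lists a 355KB sample alongside 356KB and 365KB .tmp artifacts, a pattern worth checking against prepending-type infectors as opposed to in-place encryption). The event list, the threshold, and the size margin are assumptions.

```python
"""Heuristic triage of sandbox file events (constructed sample data)."""
from collections import Counter
from typing import List, Optional, Tuple
import ntpath

KB = 1024
SAMPLE_SIZE = 355 * KB  # size of the submitted sample as stated in the report

# Constructed events (op, source, destination); NOT the sample's real event log.
SAMPLE_EVENTS: List[Tuple[str, str, Optional[str]]] = [
    ("rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.tmp"),
    ("rename", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    ("rename", r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
               r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    ("rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.tmp"),
    ("rename", r"C:\Users\Admin\Desktop\old.log", r"C:\Users\Admin\Desktop\archive.log"),  # plain rename
    ("write",  r"C:\Program Files\Contoso\bar.dll.tmp", None),
]

# Constructed from the two dropped artifacts in the report (sizes rounded to KB there),
# plus one unrelated small file to show it is not flagged.
SAMPLE_DROPPED: List[Tuple[str, int]] = [
    (r"C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp", 356 * KB),
    (r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp", 365 * KB),
    (r"C:\Program Files\Contoso\unrelated.tmp", 12 * KB),
]


def appended_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension a rename appended (src -> dst), or None.

    Counts only when dst is src plus a single extra ".ext" in the same
    directory; a plain rename such as old.log -> archive.log is ignored.
    """
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return None
    ext = dst_name[len(src_name) + 1:]
    if not ext or "." in ext:  # reject empty or nested appends to stay conservative
        return None
    return ext.lower()


def find_mass_rename(events, threshold: int = 3):
    """Count renames per appended extension; return those at or above threshold."""
    counts = Counter()
    for op, src, dst in events:
        if op != "rename" or dst is None:
            continue
        ext = appended_extension(src, dst)
        if ext:
            counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def size_delta_flags(dropped, sample_size: int, margin: int = 64 * KB):
    """Return (path, delta) for dropped files sized sample_size plus a small remainder.

    An in-place encryptor leaves each output near its input's size; a prepending
    infector yields sample_size + original size. Heuristic only: verify on disk.
    """
    flagged = []
    for path, size in dropped:
        delta = size - sample_size
        if 0 <= delta <= margin:
            flagged.append((path, delta))
    return flagged


def triage(events, dropped, sample_size: int):
    """Combine both heuristics into a small verdict dictionary."""
    mass = find_mass_rename(events)
    size_flags = size_delta_flags(dropped, sample_size)
    verdict = []
    if mass:
        verdict.append("mass-rename-with-appended-extension")
    if size_flags:
        verdict.append("dropped-size-tracks-sample-size")
    return {"mass_rename": mass, "size_flags": size_flags, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, SAMPLE_DROPPED, SAMPLE_SIZE))
```

The rename heuristic is deliberately strict (same directory, exactly one appended extension) so ordinary renames do not inflate the count; lower `threshold` for short runs. Treat the size check as a prompt to pull one renamed file and its original from the sandbox and compare them, not as proof of how the payload modifies data.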

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b79255cafb57fbaa39f693271081670_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5b79255cafb57fbaa39f693271081670_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1832

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
    Filesize

    356KB

    MD5

    3c586896153185726ed617ac669680e2

    SHA1

    15f61ab8e2cd4907e27e4bfd949bec0ef52debb8

    SHA256

    c7267420a8ccd8d80b89aabe533ff7d575eab5ace9351ec5495a00679324de55

    SHA512

    010434adc26e7d689233b9897fed60638d6c90d0efbd7de2e368f2def6eb4b15ee06856a31d296ec23e4e390282f6076844d5dd3056c8d1463b54dccf513499b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    365KB

    MD5

    7d7da196508e8d8413b3138320c151b2

    SHA1

    ef656b4a7e21e2207541d4e62cdf1eae310bb202

    SHA256

    2920d746f1fbadda11ea319d72cc402225259479f7563bc7ce2e34b325f9769a

    SHA512

    1ec6bff5b35a11a5d9012b80028bf7e0c5fbef1744bfeee30c389d91d82150504eeb439a2e5a913049c87a433b3d21439d4eedfd89c32cefbeb11a5284434158

  • memory/1832-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/1832-428-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB