Analysis

  • max time kernel: 150s
  • max time network: 93s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 13-06-2024 03:40

General

  • Target: 5b79255cafb57fbaa39f693271081670_NeikiAnalytics.exe
  • Size: 355KB
  • MD5: 5b79255cafb57fbaa39f693271081670
  • SHA1: 2e5f32d530874fd4245b6599f5f39b6e139ce982
  • SHA256: 6c639361353ef527f4ec67c9a83b628b43a982cb3b77201a646281688ed5bd7f
  • SHA512: 9dfed3ad787314afae7587d713442ddde5f7720db9a40afd1ca08454a66fd73e49cb01b3786d7ee4f1387902bf0215f21c146f15700019617b009921e79167e6
  • SSDEEP: 6144:KiQSo1EZGtKgZGtK/CAIuZAIuhQSo1EZGtKgZGtK/CAIuZAIu+:VQtyZGtKgZGtK/CAIuZAIuhQtyZGtKgf

Score
9/10

Malware Config

Signatures

  • Renames multiple (4280) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b79255cafb57fbaa39f693271081670_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5b79255cafb57fbaa39f693271081670_NeikiAnalytics.exe"
    PID: 720
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp
    Filesize: 356KB
    MD5: befa900879575ab8af97e9d376162708
    SHA1: 156a6b16c293802474403f81f46ec4122f412e0e
    SHA256: 2ec4ee13eebba831837c49df8a093d0bd0b511c988b719c6923d473f95622a5c
    SHA512: 986c9dd651a853cab1d9ab80239d58d64dcfe5635a097f7d45b3a72c965ee2b1b64de4229ac096246f07430e3aecbce325b1d394d78167a2d1e45635c9c624e0

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 454KB
    MD5: c662edb817eb7990ea1716e6b7d3b6cc
    SHA1: 1506ba17ffb4f99e4fe1782a6002675c6059dc78
    SHA256: 699c74ef84d1debd0126a71a0216dd78dc4a3da410c03211a913b367a4333736
    SHA512: 6b6784b37d5efb5322d059e4ec5b56bc05126ecb2c7188b34b2fb19e6f8dfa3c2df2e507a73d0efe7d420b1f1c36eba7f5779894788f09268c80b44e09a945fc

  • memory/720-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/720-1418-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB