Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 02:49

General

  • Target

    5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe

  • Size

    97KB

  • MD5

    5884c891bfa55e1d2aac42d1fdac0690

  • SHA1

    92682b52665072cec611f5a506216f5de2f22340

  • SHA256

    4885bf1891f18d4ade0835a78f1d346dd95f244ed6cd9cbfe24ac1684a0ba73e

  • SHA512

    e1c350beb712ad1cb5442a7a0475ce95a45db079f3f1ef743f8814b5797a5ccb6086a13efd59ec5ee567a96fff96d6ca8b9947123663e6889951bdb3d606bab5

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB0:PqFF2Ie+efsim2f

Score
9/10

Malware Config

Signatures

  • Renames multiple (3470) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2248

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
    Filesize

    97KB

    MD5

    b834da3e98a6226fa64e5c21fbc1b1c2

    SHA1

    1d1c2a4edd21055d61252309cfe5926109476438

    SHA256

    c64a95023f0542f0d98c27c9fac4f3ec2747b0d2ad01a2902f711b161da37594

    SHA512

    7e31c3c51da48244dda306a5b47233657dc81d5655ad1eb0eb79322febe2947f066a9ea1e093148bfad08faddfee2182f2f41deaa2273bc600624b3a51086934

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    106KB

    MD5

    dc5b5a7199d991e796d2d7ee4ebb048f

    SHA1

    8dedc92c2f048faf3d9093b2ba61791037b1ba62

    SHA256

    a83bc6b87c2d5471083e488d2097ea1662ff97d346c2120fda9cb27a53559996

    SHA512

    0e50db179cba2503918b793cc440f5b6591600957e3a1b7e4f81893b7dc96a174376e77f64983e8528065cdc58f6850670b61d6a8c25b0f89df35fb14cf218f5