Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 03:38

General

  • Target

    9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    9f387f63e0c0d590228928d1ab7f6ff0

  • SHA1

    90faa0600c0049af19846fdc2487faa6427aae85

  • SHA256

    e8edefec19cb2dc67c92f29fe4bee4b91fa52347b4fa2d6b0578a7714c94acee

  • SHA512

    774e052f645000cabc2791c13a1d0bd801d5b5432ab8bb8080ab811643251cfc236ce171e5f7b780d9f234cb90ddc76ca17e979a5caedc09b009abbb2d975cd5

  • SSDEEP

    768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXH:a7ZyqaFAlsr1++PJHJXFAIuZAIu8

Score
9/10

Malware Config

Signatures

  • Renames multiple (3427) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1948

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
    Filesize

    69KB

    MD5

    900e9c597e220b9744cc7a8535ccd842

    SHA1

    06e674ccf45f1274738671d2d478e6b68d1f7bb1

    SHA256

    911fb86d34cee00aaa1a05ac8cffd466fc2f493c858fc5ec3e7997b4546a9461

    SHA512

    214a1c1cf8dd946bf20d36636519f8ceb4c1ae9bc0d7b2ae40d106d759030abf9788fbdca0340517e31675cad6f93c76a9f0c7c545deb5f7be527c51c15b6f26

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    78KB

    MD5

    ac4dfc4728e789dc2024fa7199e1743f

    SHA1

    323486e801774f2b6a1bc8dd893001b21d349bfa

    SHA256

    6659a8a6d678f4744d6c8bf0b21ee0ed4be437d2b3ce83c7516cadce81d616cf

    SHA512

    17b2d2b4c0f98d689c42a456bf02fe1e08b0acf750289ce0ee04df66bc6889058b0783968c9f015f4926ffa0bd10d0947e953d324d03c9889a2fb0be66fce935

  • memory/1948-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/1948-456-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB