Analysis

  • max time kernel
    150s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 03:38

General

  • Target

    9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    9f387f63e0c0d590228928d1ab7f6ff0

  • SHA1

    90faa0600c0049af19846fdc2487faa6427aae85

  • SHA256

    e8edefec19cb2dc67c92f29fe4bee4b91fa52347b4fa2d6b0578a7714c94acee

  • SHA512

    774e052f645000cabc2791c13a1d0bd801d5b5432ab8bb8080ab811643251cfc236ce171e5f7b780d9f234cb90ddc76ca17e979a5caedc09b009abbb2d975cd5

  • SSDEEP

    768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXH:a7ZyqaFAlsr1++PJHJXFAIuZAIu8

Score
9/10

Malware Config

Signatures

  • Renames multiple (5243) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:5016

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    69KB

    MD5

    b52af79fb148fe9714b3ea36c8a6c3fd

    SHA1

    bfc5515347240573699f24aeb7cecf800d6cc48a

    SHA256

    dcafc54e42af55d1b139147ba50c147643102a954ae2c979676dcf971d786d68

    SHA512

    ca7586338a22aafedca94f2b95fa72192cabaaf477bad99a82ed74d5441b419b60d945fffc448f6ec882c5aa24b0e0e423bbb3c0faf9cec6d5a6b92cc2d9bce2

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    168KB

    MD5

    f8b1574c4ae8f7d0b2d17428b0e7f5c8

    SHA1

    81c5c1ef590ca38e422e9a652e9ec27afff4db4b

    SHA256

    7f53329c9d8a6c426f3862082d14404e99674295800d1cdc8e95327acdfeed42

    SHA512

    fa324eb6be98ea53ae17c2a0dcabd856b867e6c223b57484a1d0df41d6ce3227d7db6281ecca0df1777b881f6bb40fecfd201bc352c828cdcb7e9d25fea27728

  • memory/5016-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/5016-1948-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB