Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 03:05

General

  • Target

    9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    9d6197fd33d709cf342a114ebf615b10

  • SHA1

    d05053046924098d0fd4f064381ab7fe39e44e95

  • SHA256

    dd0de9ce91c78b03e8c45b602eeb5233261df2ee6591c0c4138e66e19bae4a86

  • SHA512

    1280d49546308574962757ed2c542868607bb80e4ef4b44dff98b09c23dcc4b4518e85c74e4f7a0f42579594a926db0514a167ee9036db091156bfd89e63a73c

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhw:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs1

Score
9/10

Malware Config

Signatures

  • Renames multiple (3451) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2804

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp
    Filesize

    80KB

    MD5

    70dcf83e0a7da9edbe9fb423e6e56eb7

    SHA1

    1e8013d7fc0effd8332bc8153ec43463bbebab2b

    SHA256

    a8fb59819284081bbda6716d98b9fbdfebf44b7a33c742e3c1efaef7d1108094

    SHA512

    3cb7096728659e533397a13c8a9ed9debb0249454d2ebd2394a07da656e2b1d97acbea3706d1296c6aecaf8cbb0d0c9a15ca08e68a1fde0606004cc3cc14a11c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    89KB

    MD5

    b83a25736fa85643d7870432cd0f6ac1

    SHA1

    62efb1075302d01e999c3ad2f4d47ac398de788e

    SHA256

    f00f9e0926ac05d9228e3bbd010cc044122f86d6264c1a3e8d9557728b490ac2

    SHA512

    995176ced5d94eb88a21a7309d99716096c7a197c9cb523d7cfa3096ef72380da70fd0bfe64de8a194cd4daf1d50eb0e4faba00c903b73c00ad7081d466a17f0