Analysis

  • max time kernel: 150s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 14-06-2024 03:05

General

  • Target: 9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe
  • Size: 79KB
  • MD5: 9d6197fd33d709cf342a114ebf615b10
  • SHA1: d05053046924098d0fd4f064381ab7fe39e44e95
  • SHA256: dd0de9ce91c78b03e8c45b602eeb5233261df2ee6591c0c4138e66e19bae4a86
  • SHA512: 1280d49546308574962757ed2c542868607bb80e4ef4b44dff98b09c23dcc4b4518e85c74e4f7a0f42579594a926db0514a167ee9036db091156bfd89e63a73c
  • SSDEEP: 1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhw:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs1

Score
9/10

Malware Config

Signatures

  • Renames multiple (5249) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:320
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1336,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:8
    1⤵
    PID:4780

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
    Filesize: 80KB
    MD5: 283e661251a568ed96da52feb1787c02
    SHA1: 2ab9421dd50fb6f47783aa8f4381f4aee9a47ad0
    SHA256: 4bd36f70df956432319ddd9caa61f11dc7ce5a1791ca4e75fbb1507599a03f49
    SHA512: 8664a98f75a91af9e776eaf9267fde2942741c92e9b64463f8a799b2a8a7c76399c4e631d940d38e39741fbcc25161bfab3ef9612443f320c579ce61b6d76f10

  • C:\Program Files\7-Zip\7-zip.chm.tmp
    Filesize: 192KB
    MD5: 5062ced87d97b500a055567d68c3b893
    SHA1: 590a5e613e657f6f9a7cffd534de4437a30ff59a
    SHA256: a8526cc74f2aba9c14c493c9f1c8b286b4031c8f13ca58aef081a81df306db38
    SHA512: 6a68d30ac5dbbb0ab6b317f3641e13f40621de3b7e6db72dc8b4885b193fdfb37dddd883714087f382cf61398f51570407f55cd26b0980aedfe9cfc59729415e