Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 03:08

General

  • Target

    9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe

  • Size

    91KB

  • MD5

    9d9e7db55a5af752860e374463405240

  • SHA1

    5376a10b305e536900ade56436d457bd4c7592f5

  • SHA256

    fca07a458d5574250564cc538261e76ff808b5feced1b8db5b62f9f4bb3b2699

  • SHA512

    edf819859cd5e57bebcf1a30e4497b393588df8ccf4de1691340c7061ddb148b079805584ce32917b3f3179f3d11ab956cef4f0c81b885654e2289ecfa04df03

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97ns1o8k1o8j:fnyiQSohsUsxe+erZs1o8k1o8j

Score
9/10

Malware Config

Signatures

  • Renames multiple (3537) files with added filename extension

    Appending a new extension to thousands of files is the on-disk footprint of ransomware encrypting every file it can reach. Before treating the content as encrypted, compare the dropped .tmp files listed under Downloads with their originals: desktop.ini.tmp is 91KB, the same size as the submitted sample, so check whether the original content was encrypted in place or replaced.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer. A modified build may rename the UPX0/UPX1 sections, so a name-only check can miss it.

  • Drops file in Program Files directory (64 IoCs)
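The first signature is a count of rename events where the new name is the old name plus an extension. The following is an added example (not Triage's own signature logic) of how that check is reconstructed from a file-system trace: it recognises an appended extension, ignores moves and stem changes, and only flags an extension once it has spread across enough files and enough directories, since an installer or editor rewrites files in one place while ransomware walks the whole tree. The events, the thresholds and the `.tmp` extension are constructed for illustration, not taken from the report's trace.

```python
import ntpath
from collections import Counter, defaultdict

# Constructed rename events (old_path, new_path) standing in for a sandbox's
# file-system trace. Illustrative only; not the events behind the report above.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.tmp"),
    (r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (r"C:\MSOCache\All Users\setup.xml", r"C:\MSOCache\All Users\setup.xml.tmp"),
    (r"C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\desktop.ini.tmp"),
    # Benign renames that must not count: a stem change, a move to another
    # directory, and an editor stripping its own temporary extension.
    (r"C:\Users\Admin\Documents\draft.docx", r"C:\Users\Admin\Documents\final.docx"),
    (r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe"),
    (r"C:\Users\Admin\Documents\~WRL0001.tmp", r"C:\Users\Admin\Documents\~WRL0001"),
]


def appended_extension(old_path, new_path):
    """Return the extension appended to old_path to form new_path, or None.

    Paths are compared case-insensitively, as Windows does. The suffix must
    start with a dot and contain no separator, so a move into a subdirectory
    or a change of the file stem is not mistaken for an appended extension.
    """
    old_n, new_n = old_path.lower(), new_path.lower()
    if len(new_n) <= len(old_n) or not new_n.startswith(old_n):
        return None
    suffix = new_n[len(old_n):]
    if not suffix.startswith(".") or "\\" in suffix or "/" in suffix:
        return None
    return suffix


def mass_rename_indicators(events, min_files=100, min_dirs=5):
    """Summarise rename events by appended extension.

    Returns (counts, flagged): counts maps extension -> number of renamed
    files; flagged lists extensions that meet both thresholds (file count and
    distinct directories). Thresholds are assumptions chosen for illustration.
    """
    counts = Counter()
    dirs = defaultdict(set)
    for old_path, new_path in events:
        ext = appended_extension(old_path, new_path)
        if ext is None:
            continue
        counts[ext] += 1
        # ntpath splits Windows paths correctly regardless of the host OS.
        dirs[ext].add(ntpath.dirname(old_path).lower())
    flagged = sorted(
        ext for ext in counts
        if counts[ext] >= min_files and len(dirs[ext]) >= min_dirs
    )
    return dict(counts), flagged


if __name__ == "__main__":
    counts, flagged = mass_rename_indicators(SAMPLE_EVENTS, min_files=3, min_dirs=3)
    print("renames by appended extension:", counts)
    print("flagged extensions:", flagged)
```

With the report's real numbers (3537 files, spread across the Recycle Bin, MSOCache and Program Files) the default thresholds would be met comfortably; the lowered thresholds in the usage call exist only so the constructed sample of five renames trips the check.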

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe"
    PID: 3068 (top-level process, no children recorded)
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
    Filesize

    91KB

    MD5

    2cf3db3307990c3cd0bdf8acced91998

    SHA1

    bd2452204e815cfa8ad49a9ada1d4d0951224e7f

    SHA256

    2e8317e7551470588422f15ab97def11d3939e752b861e05de0fae7632e65952

    SHA512

    3ec800b5c39964fcdc4c98eba4c88c862663ad3d5e689bfd54ad78a44f9528c543014a9011f2f1665e7d2be239b57ad4f79626b77223e1c1a7d136fcea1d449a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    100KB

    MD5

    cfc794f7b6f3c35ff9fa51aa0c97e45a

    SHA1

    69d6b31fc192ec87928535134e6060db9b94cc22

    SHA256

    efc669b2f5981780645764cba65b487e693a4ffdacb37ca39098f0aed6cfec83

    SHA512

    c4f89e3b22e7fed933b61db0b3ed1b5e73235cc5f385c05301706ebf73e5c51bea98205007d532315f4ed0419a14826adab9133823bdb1e7bf9ec39f0a67f2d2

  • memory/3068-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/3068-654-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB
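Two checks a practitioner runs on a sample or a dropped file before trusting a report like this one: that the bytes on disk really carry the hashes the report lists, and whether the binary is UPX-packed as the Signatures section claims. The block below is an added example, not the sandbox's own detection code. It verifies MD5/SHA1/SHA256 against the values the report gives for the submitted sample, then walks the PE section table with only the standard library and reports two indicators: the stock UPX section names, and the stock UPX layout (an empty first section with a large virtual size as the unpack destination, followed by a near-8-bits-per-byte compressed section), which still fires when a modified UPX build has renamed the sections. `build_test_pe` is a hypothetical helper that assembles a minimal, parser-only PE so the checks can be exercised offline; the 7.0 entropy cut-off is an assumption.

```python
import hashlib
import math
import struct

# Section names written by stock UPX builds. A modified UPX may rename them,
# which is why the layout heuristic below is checked as well.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}

# Hashes the report lists for the submitted sample, used as expected values.
REPORT_HASHES = {
    "md5": "9d9e7db55a5af752860e374463405240",
    "sha1": "5376a10b305e536900ade56436d457bd4c7592f5",
    "sha256": "fca07a458d5574250564cc538261e76ff808b5feced1b8db5b62f9f4bb3b2699",
}


def file_hashes(data):
    """MD5, SHA1 and SHA256 of the bytes, keyed as the report keys them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data, expected):
    """True only if every hash given in `expected` matches the data."""
    actual = file_hashes(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


def shannon_entropy(data):
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    freq = [0] * 256
    for b in data:
        freq[b] += 1
    return -sum(c / n * math.log2(c / n) for c in freq if c)


def parse_sections(pe):
    """Follow DOS header -> PE signature -> COFF header to the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]     # NumberOfSections
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    sections = []
    for i in range(n_sections):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize]
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": rsize, "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(pe):
    """Name-based and layout-based UPX indicators for a PE image."""
    secs = parse_sections(pe)
    by_name = any(s["name"] in UPX_SECTION_NAMES for s in secs)
    # Stock UPX layout: the first section has no raw data but a large virtual
    # size (unpack destination); the second carries the compressed image and
    # therefore has near-maximal entropy. Survives a renamed section table.
    by_layout = (len(secs) >= 2
                 and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
                 and secs[1]["entropy"] > 7.0)
    return {"upx_names": by_name, "upx_layout": by_layout, "sections": secs}


def build_test_pe(sections):
    """Hypothetical helper: build a minimal, parser-only PE with no optional
    header from (name, virtual_size, raw_bytes) tuples. Not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    raw_ptr = e_lfanew + 4 + len(coff) + 40 * len(sections)
    headers, body = b"", b""
    for name, vsize, data in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000,
                               len(data), raw_ptr if data else 0, 0, 0, 0, 0, 0)
        raw_ptr += len(data)
        body += data
    return dos + b"PE\0\0" + coff + headers + body


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read()
    print("hashes match report:", matches_report(data, REPORT_HASHES))
    print(upx_indicators(data))
```

Run it against the downloaded sample to confirm the hashes before any further work; the entropy of the dumped region (memory/3068-0, 44KB at 0x400000) after unpacking is what you would compare against the on-disk sections to confirm the packer has already been stripped in memory.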