Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 03:08

General

  • Target: 9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe
  • Size: 91KB
  • MD5: 9d9e7db55a5af752860e374463405240
  • SHA1: 5376a10b305e536900ade56436d457bd4c7592f5
  • SHA256: fca07a458d5574250564cc538261e76ff808b5feced1b8db5b62f9f4bb3b2699
  • SHA512: edf819859cd5e57bebcf1a30e4497b393588df8ccf4de1691340c7061ddb148b079805584ce32917b3f3179f3d11ab956cef4f0c81b885654e2289ecfa04df03
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97ns1o8k1o8j:fnyiQSohsUsxe+erZs1o8k1o8j

Score
9/10

Malware Config

Signatures

  • Renames multiple (5200) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and each one is renamed with an extra extension appended to its original name.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer. A modified build may rename the packer's sections, so the section-name check alone is not conclusive.

  • Drops file in Program Files directory (64 IoCs)
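The mass-rename signature is the strongest signal in this report (5200 files renamed with an added extension). As an added example, not code from the report or from the sandbox's own signature engine, here is the detection logic a practitioner might run over file-rename telemetry: it flags a process that appends one extension to many files across several directories, and it deliberately ignores renames that strip an extension (the way installers turn `foo.dll.tmp` into `foo.dll`). The event records, the `.locked` extension, the 50-file threshold and PIDs 812 and 900 are constructed for the example; the report does not state which extension the sample appended, and PID 4156 is borrowed from the Processes section only as a label.

```python
import ntpath  # Windows path semantics regardless of the host OS
from collections import Counter, defaultdict
from typing import Dict, List, Optional


def appended_extension(old: str, new: str) -> Optional[str]:
    """Return the extension appended by a rename old -> new, else None.

    Only matches when the file stays in the same directory and the new name is
    exactly the old name plus one ".ext" suffix, i.e. "a.docx" -> "a.docx.locked".
    A rename that removes a suffix ("a.dll.tmp" -> "a.dll") does not match.
    """
    if ntpath.dirname(old) != ntpath.dirname(new):
        return None
    old_name, new_name = ntpath.basename(old), ntpath.basename(new)
    if not new_name.startswith(old_name) or len(new_name) <= len(old_name):
        return None
    suffix = new_name[len(old_name):]
    return suffix if suffix.startswith(".") and len(suffix) > 1 else None


def flag_mass_rename(events: List[dict], threshold: int = 50) -> Dict[int, dict]:
    """Group appended-extension renames by PID and flag processes over threshold.

    events: records shaped {"pid": int, "old": str, "new": str}.
    Returns {pid: {"extension", "renamed", "directories"}} for flagged PIDs.
    The threshold is an assumption for this example, not the sandbox's value.
    """
    per_pid: Dict[int, Counter] = defaultdict(Counter)
    dirs: Dict[int, set] = defaultdict(set)
    for ev in events:
        ext = appended_extension(ev["old"], ev["new"])
        if ext is None:
            continue  # ordinary rename, move, or extension removal
        per_pid[ev["pid"]][ext] += 1
        dirs[ev["pid"]].add(ntpath.dirname(ev["old"]))

    hits: Dict[int, dict] = {}
    for pid, counts in per_pid.items():
        ext, n = counts.most_common(1)[0]  # dominant appended extension
        if n >= threshold:
            hits[pid] = {"extension": ext, "renamed": n,
                         "directories": len(dirs[pid])}
    return hits


# Constructed sample telemetry (not from the report): one process appending
# ".locked" to 60 files spread over three directories, one benign rename, and
# an installer-style process stripping ".tmp" from ten files.
SAMPLE_EVENTS: List[dict] = []
for i in range(60):
    d = [r"C:\Users\Admin\Documents", r"C:\Program Files\7-Zip",
         r"C:\Users\Admin\Pictures"][i % 3]
    SAMPLE_EVENTS.append({"pid": 4156, "old": rf"{d}\file{i}.docx",
                          "new": rf"{d}\file{i}.docx.locked"})
SAMPLE_EVENTS.append({"pid": 812,
                      "old": r"C:\Users\Admin\Documents\report.docx",
                      "new": r"C:\Users\Admin\Documents\report_final.docx"})
SAMPLE_EVENTS += [{"pid": 900, "old": rf"C:\Program Files\App\lib{i}.dll.tmp",
                   "new": rf"C:\Program Files\App\lib{i}.dll"} for i in range(10)]


if __name__ == "__main__":
    for pid, info in flag_mass_rename(SAMPLE_EVENTS).items():
        print(f"PID {pid}: appended {info['extension']} to {info['renamed']} "
              f"files in {info['directories']} directories")
```

Counting per extension rather than per rename keeps a busy but benign process (many unrelated renames) below the bar, while the directory count distinguishes one folder being reorganised from a sweep across user profiles and Program Files.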

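The UPX signature above rests on a structural check that can be reproduced offline. The following is an added example, not part of the report or of the sandbox's signature code: it parses the PE section table from raw bytes and flags the stock UPX section names (UPX0, UPX1, UPX2) together with the "UPX!" magic that stock UPX writes into packed images. The `build_minimal_pe` helper and the section layouts it emits are constructed test input, not the sample on this page; scanning the whole file for the magic is an assumption made for the example. A modified UPX build can rename its sections, which is why the magic is kept as a second indicator, and a determined packer can strip that too, so treat either hit as a lead for unpacking rather than proof.

```python
import struct
from typing import Dict, List

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> List[bytes]:
    """Return the section names of a PE image; raise ValueError if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature: Machine(2), NumberOfSections(2),
    # TimeDateStamp(4), PointerToSymbolTable(4), NumberOfSymbols(4),
    # SizeOfOptionalHeader(2), Characteristics(2).
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    first_section = e_lfanew + 24 + opt_hdr_size
    names = []
    for i in range(num_sections):
        off = first_section + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]       # Name is the first 8 bytes, NUL padded
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> Dict[str, object]:
    """Collect UPX indicators: stock section names and the UPX! magic."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n in UPX_SECTION_NAMES]
    # Stock UPX stores a small info block tagged "UPX!" in the packed image.
    # Scanning the whole buffer (an assumption for this example) still finds
    # it when the section names have been edited out.
    has_magic = UPX_MAGIC in data
    return {"sections": names, "upx_sections": upx_sections,
            "upx_magic": has_magic, "packed": bool(upx_sections) or has_magic}


def build_minimal_pe(section_names: List[bytes], trailer: bytes = b"") -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 skeleton.

    Only the fields pe_section_names() reads are meaningful; everything else
    is zero. `trailer` is appended after the section table.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_hdr_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_hdr_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_hdr_size - 2)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + trailer


if __name__ == "__main__":
    for label, image in [
        ("stock UPX", build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"], UPX_MAGIC)),
        ("renamed sections", build_minimal_pe([b".text", b".data"], UPX_MAGIC)),
        ("clean", build_minimal_pe([b".text", b".data"])),
    ]:
        print(label, upx_indicators(image))
```

On a real file the same call is `upx_indicators(open(path, "rb").read())`; a hit on `upx_sections` usually means `upx -d` will unpack it, while a magic-only hit points at a modified build that needs manual unpacking.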
Processes

  • C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4156

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize: 91KB
    MD5: 38d1d3668ac592a59a4a0a6c128c1b7d
    SHA1: 7a11af00d9f3fba4c4bd5e1237f78c793a533860
    SHA256: 58216b06027988783c80240a6a29a16491c602db4193aec05a1d6fb78ae5ba89
    SHA512: 640dc7e38fbece7e6f421201e2a907a8a1bf2ca348de420471a29b95775637d7256bb5fa76b6c24fea0bc4bf8811e902af640511afc029c3f48c93744c1cd6d6

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 190KB
    MD5: bf1e2eca029fe0d9069574553edb7f23
    SHA1: 1501d842dac443c6f76c6e0994f6a91c54e5d53c
    SHA256: e9ef12970e6b7c3effdbbeace858605b45d67b580e9bed6e2f5e2fe5561943f7
    SHA512: d06d68f228e328bed19c13676a7410cf82ab21e9b63e22f956b1747c44dfda845953eeb6f6690e887d371d3daf31cd1d45c6c5f309d422466d3c62b19f9a7776

  • memory/4156-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/4156-1962-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB