Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 03:16

General

  • Target

    9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe

  • Size

    358KB

  • MD5

    9df4ddb426e4ecfb95da361947f7a050

  • SHA1

    ba8bff8c22f71144c4ff4d40aefba2d9c3d75e3f

  • SHA256

    222568e7f49c8ee85a7976da7d2d410fe892b9c446fffd0e6aca626a1b8d7cff

  • SHA512

    5e3e40c2ab97a97b0721f9e921ba7e09285f997d04a7cfaaa889f8f077d45fed71744364cc1de094a7c6a94ea6ebd79c4b79159811cab067e94ba39e7b536af5

  • SSDEEP

    6144:KiQSo1EZGtKgZGtK/CAIuZAIuMQSo1EZGtKgZGtK/CAIuZAIuj2x2o:VQtyZGtKgZGtK/CAIuZAIuMQtyZGtKgv

Score
9/10

Malware Config

Signatures

  • Renames multiple (2704) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2036

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
    Filesize

    358KB

    MD5

    c0cd3d914a96bb52284d318aa09d3f28

    SHA1

    e3561190c6f0ce6ca586962ea95ae8de3dc827f6

    SHA256

    6999857a6812fff01a54cd93a1b1a9fe8823fb068d9229356bf54d63c05dc333

    SHA512

    5ee897c10991b07f2493cea0fae5da73b7120b401f430fd726987723342ae18dc00884e47c610c81f69e438d0c49aaf6a8cacb1c235c2b2d214494015056c657

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    367KB

    MD5

    f77fb9a7fce3ead5a30f393503703eee

    SHA1

    b3b295b55a2e167a71fffd9cdd57ee38fb51c2b0

    SHA256

    4f86cd57d848b0e0a325f59b71751f3bef2bf10f004763ad6ef61a5131d66dcb

    SHA512

    63dc9e2c340c47c50280df3e9effd7b1c3f17971a7cac4b08da04edd9bc12ba47eebbdae10970ff36540f50b98a477448ee8b9a39c35f1b9409f2d55bf3c7724

  • memory/2036-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/2036-396-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB