Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 03:16

General

  • Target

    9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe

  • Size

    42KB

  • MD5

    9e1284ab458121573aab140b409925b0

  • SHA1

    e6b805a56ef6fb33e6e1fff7be491caa79f70dbc

  • SHA256

    1bb2e79ccb16012c8197b013502954d098536fec325105c653011b2115392619

  • SHA512

    43506b420f9498c29494740fb7883035b691f5a99818623e5070c89b8e48a22ac36208989502aae73e4b83c433272b9a994456a44818439a627f4ec95a56914b

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsj:W7BlpNLpARFbhblkYlkuvIYFdj

Score
9/10

Malware Config

Signatures

  • Renames multiple (5339) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2976

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
    Filesize

    42KB

    MD5

    4de755680671c926f5c777bf58cab200

    SHA1

    495859a8d943a7fe09dd49cd406d1b954e7b1202

    SHA256

    b58fefb28da20ac3907939a909b0adfceea0060ed4975b26b662087b5e3e617a

    SHA512

    4833658da146f7c3f147ba7b1ebfa322a92580098d359123e40fe51bb0871336857e3217056bde57e7bbcacb4f23d21d60a21fae29e7583fb5fe111579f4d3c2

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    141KB

    MD5

    8c2d1b3b933a64f864a08b2a2ff6fc8d

    SHA1

    0552adaa70c99c97993b46ed8095688d48af7bb1

    SHA256

    058ecd79b5ec60cb4ef03ce5dfd20a0c3342114565a56522289d6cfa7a595959

    SHA512

    f93ac2807fca9d006739a4856c9a3feb773adb89e50cceea9b3743cf4a22f1dd02a8748ba9a4a996fa75049d0731831fe29ecffd248efad2891279f6b30165ca