Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 03:26

General

  • Target

    9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    9e998e2db856f0fc914b1855482fe4c0

  • SHA1

    0444d8260bdc2df0e72cdb4d2bfa406a7dcfa422

  • SHA256

    540c58b0344f9538724c9c683b00be871ad8dd0a1a1b30fd9c9636cd1a60fe03

  • SHA512

    382f445a1158e7af7e2178b5859db748960e860c7e84b16d0cd57daf90c360c9e11220fa603014fa1e7d2ef577d79e4437d6bb81f4b12c7570df0f413275ed20

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcd:/7ZQpApze+eJfFpsJOfFpsJQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3832) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1924

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
    Filesize

    47KB

    MD5

    9d777fab351b7a3ab9f8414e1b9b4d28

    SHA1

    332113f0f24538297b4408ac6c4113be20f42e35

    SHA256

    c1bbe6d0227182ad2af10e71a269328a576cf6a03ffc1c967d3cba422b998e04

    SHA512

    8081844a00e4a55c6730ead9d256c4d83e84d16c8e507065a4c8676dffa904f3c5a2241650aaf4963abf727489295bd5a5c424712f6244299d484abedf0d8948

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    56KB

    MD5

    435f0c52cb8f5644eb52e17e38ccfc4b

    SHA1

    7f46b7be793454e9460b0d174cbf1b0c0a70f7f4

    SHA256

    455294e586a3e94614c95988974f2be830f8b5a88559df5a21bd21af8472b56b

    SHA512

    76bf227a37d2f80dcf1600ef83cc5dbe6c6f9152ef1e0cde6cea5bdffc35abb7db126b48a60c566012250cda59d1ba5e245d4f1a7b342cae81bf05bd73b7ec0f

  • memory/1924-0-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

  • memory/1924-668-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB