Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-06-2024 03:26

General

  • Target

    9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    9e998e2db856f0fc914b1855482fe4c0

  • SHA1

    0444d8260bdc2df0e72cdb4d2bfa406a7dcfa422

  • SHA256

    540c58b0344f9538724c9c683b00be871ad8dd0a1a1b30fd9c9636cd1a60fe03

  • SHA512

    382f445a1158e7af7e2178b5859db748960e860c7e84b16d0cd57daf90c360c9e11220fa603014fa1e7d2ef577d79e4437d6bb81f4b12c7570df0f413275ed20

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcd:/7ZQpApze+eJfFpsJOfFpsJQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (5194) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3492
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3932,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=1412 /prefetch:8
    1⤵
      PID:712

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp
      Filesize

      47KB

      MD5

      d9588d6971725a8262715c227e22a985

      SHA1

      d0dd1f540f3c30645675a6b624a8977c34000b5f

      SHA256

      4f654b064789fd601a64d26d5c664bf5e85d64c161065efb02f8cbc2f82460f7

      SHA512

      cf962009655423de95f26f0d158764ac17bfdd9b41adece50c53787ede3db882e62ddd9c7532317f33a05aff029d1c64e21aa6f32de2de0fe47584dd7bd92399

    • C:\Program Files\7-Zip\7-zip.chm.tmp
      Filesize

      159KB

      MD5

      dcbc7d63f865f670f9267865291ea7ee

      SHA1

      7298b5c2b66aafb5518a4df39ffc455c69547439

      SHA256

      7e5b25a2ea58f04a85854b5ae19ce59a7c97e195beba7cb205fc2bc8b6960219

      SHA512

      9a9a13e4e5d852978b30a8e4574184704425b669bdc565fbb517268fad10489ef236cd041182d3a08285daa2a4e1e0ce3b88e9a60c6e35c30b26a1724b6bffa4

    • memory/3492-1-0x0000000000400000-0x0000000000408000-memory.dmp
      Filesize

      32KB