Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:24

General

  • Target

    a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe

  • Size

    50KB

  • MD5

    a1f2f462c608a209c5ba34aa379c5610

  • SHA1

    0423a45f9dd98e7955195262bc7784b6e4552c01

  • SHA256

    f667f5e8111a397187ee4ce34b5416d76c43b4f487f31422d81a9edee58e8bbf

  • SHA512

    93ca4501154783f858a0c11046751ec3db01cecc7165a94eee50d30ac609dfb1e9e3db49707dd656f68fa8be27ee0c9ce3e73c9ed9093c221b880c7d8770dc51

  • SSDEEP

    768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDeR6OR6F:W7ZNLpApCZuvIYYoYoOl8

Score
9/10

Malware Config

Signatures

  • Renames multiple (3790) files with added filename extension

    Mass renaming with an appended extension is characteristic of ransomware encrypting files across the system.

  • Drops file in Program Files directory (64 IoCs)
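The "renames multiple files with added filename extension" signature above is a counting heuristic: it looks for a second extension stacked on a still-recognisable original one (the dropped files in this report, desktop.ini.tmp and Office64WW.xml.tmp, are exactly that shape) and fires once the count is large. The script below is an added example, not part of the sandbox report or its engine; the extension allow-list, the threshold and the sample paths are constructed assumptions.

```python
"""Heuristic for the sandbox signature "Renames multiple files with added
filename extension".

Added example, not the sandbox's own code. ORIGINAL_EXTS, THRESHOLD and
SAMPLE_PATHS are assumptions/constructed data, not values from the report.
"""
import os
from collections import Counter
from pathlib import PureWindowsPath

# Extensions we expect to see on legitimate files. A ransomware's marker
# usually lands on top of one of these, e.g. "desktop.ini.tmp".
ORIGINAL_EXTS = {".ini", ".xml", ".docx", ".xlsx", ".pdf", ".jpg", ".png",
                 ".txt", ".exe", ".dll"}

# Assumption: fire after this many renames. The report counted 3790.
THRESHOLD = 100


def added_extension(name):
    """Return the appended extension if `name` looks like
    <base>.<known original ext>.<something else>, otherwise None."""
    suffixes = PureWindowsPath(name).suffixes
    if len(suffixes) < 2:
        return None
    orig, added = suffixes[-2].lower(), suffixes[-1].lower()
    if orig in ORIGINAL_EXTS and added not in ORIGINAL_EXTS:
        return added
    return None


def scan_paths(paths):
    """Count appended extensions over an iterable of file paths.
    PureWindowsPath handles both '\\' and '/' separators, so the report's
    Windows paths work on a Linux analysis box."""
    counts = Counter()
    for path in paths:
        ext = added_extension(PureWindowsPath(path).name)
        if ext:
            counts[ext] += 1
    return counts


def scan_tree(root):
    """Walk a directory tree (e.g. a mounted VM disk image) and count."""
    paths = []
    for dirpath, _, files in os.walk(root):
        paths.extend(os.path.join(dirpath, f) for f in files)
    return scan_paths(paths)


def verdict(counts, threshold=THRESHOLD):
    """Mimic the signature: return the dominant appended extension if its
    count reaches the threshold, else None."""
    if not counts:
        return None
    ext, n = counts.most_common(1)[0]
    return ext if n >= threshold else None


# Constructed sample: the two paths from the report plus a few made-up ones.
SAMPLE_PATHS = [
    r"C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp",
    r"C:\Users\Admin\Documents\budget.xlsx.tmp",
    r"C:\Users\Admin\Pictures\holiday.jpg.tmp",
    r"C:\Users\Admin\Documents\notes.txt.locked",
    r"C:\Users\Admin\Downloads\archive.tar.gz",   # .tar not in allow-list: ignored
    r"C:\Users\Admin\Documents\report.docx",      # single extension: ignored
]

if __name__ == "__main__":
    counts = scan_paths(SAMPLE_PATHS)
    print(dict(counts))
    print("verdict at threshold 3:", verdict(counts, threshold=3))
```

Two caveats when using this outside a sandbox: `.tmp` is also a legitimate temporary-file suffix, so the threshold and a per-directory breakdown matter more than any single hit, and a real implementation should count rename/create events from the file-system monitor rather than walking the disk after the fact, which is what the sandbox does.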

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2852

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
    Filesize

    50KB

    MD5

    fad69b5383f2f94fc2866b7b995174ce

    SHA1

    e694f4c94a1fe2cdf7f9d39c5b0734395279db2b

    SHA256

    9f7dc2631578a88c49d3a9f4eb9653b16d204ad0f1c44cf50d294b56f16a6c25

    SHA512

    bd61697a4c7135d3d89b2e13979330892ab153ac83fcf437129be93692e4a77073461e12a03611d0cd58f636a5b1fcc21c6736dc76361b332143b182fa6ce21c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    59KB

    MD5

    11dcc3efdbece4fc88bf8e67ef94d183

    SHA1

    3bdf9a0caa0582f5866ed0c2a1964e567eb633c5

    SHA256

    b648e7fdcf48a4cd508837181b099c82617a2ddf240d5c2585b270acc43a2b49

    SHA512

    5a7493a3d5368e92ad9d51c7ae28da197a60df914f4055e9ea477d6db5fdfbfebcdbabba0f9467cd2bf5e1e7f9e7d25d1a894da8c650ed0c15ef92970a8b2119