Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:24

General

  • Target

    a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe

  • Size

    50KB

  • MD5

    a1f2f462c608a209c5ba34aa379c5610

  • SHA1

    0423a45f9dd98e7955195262bc7784b6e4552c01

  • SHA256

    f667f5e8111a397187ee4ce34b5416d76c43b4f487f31422d81a9edee58e8bbf

  • SHA512

    93ca4501154783f858a0c11046751ec3db01cecc7165a94eee50d30ac609dfb1e9e3db49707dd656f68fa8be27ee0c9ce3e73c9ed9093c221b880c7d8770dc51

  • SSDEEP

    768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDeR6OR6F:W7ZNLpApCZuvIYYoYoOl8

Score
9/10

Malware Config

Signatures

  • Renames multiple (5109) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4952

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp
    Filesize

    50KB

    MD5

    d9348322257548fc9d6613621b153afe

    SHA1

    a2945d778071af52d467adce7d3b6cb4bce2f3e2

    SHA256

    d6ef99071dfd780dd487558bf63e554128fd4208a50c7af5c5d546e17e5d781c

    SHA512

    bf2c1572b0fb101413d3f42a72be9367078a8bf1ca127224d668e60de4dc186f8c2f3f47126320fd46080371aea827acf59dee6ad294e6eec93d7b0addd0263b

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    149KB

    MD5

    d0359c1211d5bb68e89ea07829c405f4

    SHA1

    d864607c85829d91dac70ca2b3da5e4e128509e9

    SHA256

    9712b66429f211409d52fa96c3bd79c3ff6bd13e8b7dfa3d6c08bd50aafa8c96

    SHA512

    ca0180dcc13a42ace4582d4f989b3365fbfdc5202d12f8ab8b079bac5c9b6c1dd3e428d1abb4b87bacbc6c513a49d186f269ba13ff1dffc6294bc0ba836238fd