Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:26

General

  • Target

    a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    a207db795798d6d8a68f537d8f7b1b20

  • SHA1

    f8664d69ab06f8d5fb0bea338deab1bd82b49bd4

  • SHA256

    7af5f739a9897bca404d5f4db7519fd3aeb68cadb1e603abe6e752d4b4ebc0ff

  • SHA512

    ab6cb4c1f01685414e8b2e8c1036e372d7ffa14edbd26a2d247cadb0e1f3dddf229547b63762c949b86ec2bca38749b5c1d952183e9afd14f16fd8d79374a3ad

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHp:W7ZDpApYbWjIlE77ufL2e+efZwZ2b

Score
9/10

Malware Config

Signatures

  • Renames multiple (1162) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2412

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
    Filesize

    78KB

    MD5

    f4471e269758a9fd67244c394c2e02d8

    SHA1

    a97205f3e15875a725c8e3ce59753b012750b9b9

    SHA256

    4818c93342f2cabb8d252e6cb71af62376c1c3410f28a5bbcd449db970f34980

    SHA512

    5ef9a6053b0918faf370c12a4a9c244b6d71803217818a026674e77a0605ed016f617ec26943d8551fa676c3d4bdad61692198e623eec6ab3d2b688c6820d396

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    87KB

    MD5

    54ae7086d7f1980e4239e4aecdc514a7

    SHA1

    cb563106f9c6cf617b707c9e8dd817bb17819fbb

    SHA256

    927a07e17d5c9aee51434578a3f918b984d948832573dec966afcab72d9d7fda

    SHA512

    93e746eeef68ec62dcc373ae8ff368da637bc8d4ebd36d136d41181779a25b6d7a1aba743bd610e9ccc6496e1fdcc39ca8aacdd4384bbd43c8a5d0e24c02b58f