Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:07

General

  • Target

    a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe

  • Size

    70KB

  • MD5

    a10caa57e8e334803b2383aed6749070

  • SHA1

    4da37659ccddc0e3f77b2aa1e60074ca1cd217d5

  • SHA256

    0d0e9ae4c6cf81e07f9e57fcc8410e1e3ae2cf172d45aabdec6a4525747aa4a9

  • SHA512

    90ff9db6a0b4b3df5e8330e297ffa2f90de2c3ef06489703e4c8494a2d220dc8c20422ffbfac5e558a6e701d5dc51136282f7ba0f5af4002866f2d43de6b0f6b

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhl:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsw

Score
9/10

Malware Config

Signatures

  • Renames multiple (3755) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1712

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
    Filesize

    70KB

    MD5

    5084c56a45537dfb6901d7e154eaf8f9

    SHA1

    07e60ee4f827c88be545145ab8355e66b1989f79

    SHA256

    8474e1df50ba924dc8cfe631969088226a7ec38099b5a728fff19435f499f153

    SHA512

    4d0a8daa384ff58b376428fdb94ac3433c87ffdb66fb1e0098ae0b12fd30625c0556232b6d1f5b92da754c0c62d35d0c933b726e4d58b285e550a9e0c2b77e6f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    79KB

    MD5

    bbf98f1210df38dfc7e6c7dff8ddc6b9

    SHA1

    5f9ccdf5723e2bd352d452561fcbb37977f09aa8

    SHA256

    c106dac42277cd946b1617f8624f4b89bcaa796ac01a0c41b8db8ed10d9c464e

    SHA512

    787ab118a631cc2ffaa55fdc04c59fce077fa5c4ccb655ca4084d9b026bba8e61d5ed7425680ad6e3d0e54eb3e9271059fe0f849bb607997ed394ed2209b21fd