Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:09

General

  • Target

    a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    a125686b9a379c4e5bf3242aa82b1910

  • SHA1

    a5a5392b2e1070eea983e7522b89031e5cef3b0a

  • SHA256

    a071f8c717d3992f1752ccba135a5c9a7b44934cede86da59cb455985bbe7b08

  • SHA512

    8805663230613a0155c10b65690f75c69c39e06d8c20bf1947d07ddc0595baa66ce902fd6de4a312574a931e0eafb8688085dc6a5fecb60391d8acd825b3262e

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhR:6pWpUFpEhLfyBtPf50FWkFpPDze/qFso

Score
9/10

Malware Config

Signatures

  • Renames multiple (3723) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2548

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
    Filesize

    79KB

    MD5

    ca6225876817dd28823fba44ce6eb687

    SHA1

    94bbdf2a1f2053942a6831eb711df8a0cd536b77

    SHA256

    4beaef0b9b00af3047e93af209750507ab2752da10a6a79da3a8f0f8c8e98ebd

    SHA512

    ba1d9a821c290285d7d574a7d03bb89e829365554ec5435a5c2649390989229299735b04c47ee780e4d31d401b79cb3dc23f5c2beee6ca36e598de1d0bc34ab6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    88KB

    MD5

    91c7c52e6936b1ea378dc65da94671d6

    SHA1

    df7e670f19b66c9661584bc761c9969e448b47ab

    SHA256

    929dacfcaf8991414d77d8a763ceb7eb400045128b6cbd25ff11a5f58b6f4578

    SHA512

    4ccb25a20c386497209557c4cca4d874bee60ccb5cd63069e1ccf5ea087818f44916836c2caac594d31aae70de85f1812cae9d4447febe3c190ec17632fb0abb