Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-06-2024 04:09

General

  • Target

    a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    a125686b9a379c4e5bf3242aa82b1910

  • SHA1

    a5a5392b2e1070eea983e7522b89031e5cef3b0a

  • SHA256

    a071f8c717d3992f1752ccba135a5c9a7b44934cede86da59cb455985bbe7b08

  • SHA512

    8805663230613a0155c10b65690f75c69c39e06d8c20bf1947d07ddc0595baa66ce902fd6de4a312574a931e0eafb8688085dc6a5fecb60391d8acd825b3262e

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhR:6pWpUFpEhLfyBtPf50FWkFpPDze/qFso

Score
9/10

Malware Config

Signatures

  • Renames multiple (5006) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4308
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4104,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:8
    1⤵
      PID:3400

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp
      Filesize

      79KB

      MD5

      43d642b6ff2ed4cc0176d884e890f101

      SHA1

      80d6015f93dcb8c555f2c64ae24ff3351d817675

      SHA256

      05cf8e3dc49bd83cc46d244dd78f0e44312deb363eb1aee002c02a87a6e140a5

      SHA512

      7a1c3de434d00b22844211ed670342147097f775c67cb265cbecf4392ddabf85e3cb5b1261807df767e1a27985130757922a39e4a1f2e6a1bdf158dd763bb065

    • C:\Program Files\7-Zip\7-zip.chm.tmp
      Filesize

      191KB

      MD5

      f603a768cee773aff116a3322e21e32e

      SHA1

      3f81a3e1a18d44f2edf47a8339a8ff6d5c93b303

      SHA256

      1ec01f15c120c7a391e9e93d3633510d74433a1876c568028d8c0da03e47322b

      SHA512

      f266f76116acc71b9f6d0841a72e11874865cdcc579b0f6f3c031d602209921867046803eff1bc5d40e8d717d91d0469d7f959675f232e09ec040e6e1a77172a