Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:08

General

  • Target

    a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    a118bbcd44222d7e2d707a598e68fc40

  • SHA1

    01ea9bc9ce6b1b7bb8969f5c381beb1d8aae436c

  • SHA256

    7b76219711e1c48550ba4fc5cd995cf353ca6aab28e7f81ce88303a229acd47a

  • SHA512

    c90956f461c5acc5f8bcfde39f6e5bdafb390037bdc9822d4ba83dc8631c96b05c91bcc7b9b460841e5be4c562e93caf22b8c718021c1d2a785b6d1886bdac27

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tw0A0v:6e7WpP9oVLQthbYY9oVLQthbUrt7tw0j

Score
9/10

Malware Config

Signatures

  • Renames multiple (3439) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2204

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
    Filesize

    79KB

    MD5

    f89046a17a6977001c306f5705ce90ba

    SHA1

    e331da8015e1edf2b7b914ceaf46c83e5189277f

    SHA256

    b4ae73f52884d82cd0fa168aefaea28348f01280f345f4acee12274fa933890a

    SHA512

    8fce61cf28c2f1e80f4443ff39e1c35e3adecbb7660a3eff1099011f5153af6a0206d0daebd9fc8fb0231ecace5b2b7179a5cfb0c34753ecc9803c60dbc0b987

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    88KB

    MD5

    fe990a052b5f988b32d69cb1a0bafa2b

    SHA1

    55ced9101c7ff5148420a84a1829fbf73dc3459d

    SHA256

    2b4c1e8d4b73f84f52c55755717c1e84ce8dd621c34b6fc46b633272d180c619

    SHA512

    47ea1663780aaf5d55360cd76a361f25f9e3d240f2047e0a37bf9ad930298ecddf2c1ecefe48a14fbcea2e902d087e552cbfd706aab717d4ef84221d71cc242f