Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240611-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    14-06-2024 04:08

General

  • Target

    a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    a118bbcd44222d7e2d707a598e68fc40

  • SHA1

    01ea9bc9ce6b1b7bb8969f5c381beb1d8aae436c

  • SHA256

    7b76219711e1c48550ba4fc5cd995cf353ca6aab28e7f81ce88303a229acd47a

  • SHA512

    c90956f461c5acc5f8bcfde39f6e5bdafb390037bdc9822d4ba83dc8631c96b05c91bcc7b9b460841e5be4c562e93caf22b8c718021c1d2a785b6d1886bdac27

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tw0A0v:6e7WpP9oVLQthbYY9oVLQthbUrt7tw0j

Score
9/10

Malware Config

Signatures

  • Renames multiple (4865) files with added filename extension

    This suggests ransomware activity: the sample rewrites files across the system and appends an extension to each one, so the original filename survives with a new suffix.

  • Drops file in Program Files directory (64 IoCs)
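The two signatures above are heuristics over file-system events: a large number of renames where the new name is the old name plus an extra extension, and writes into Program Files (here staged as .tmp files). The script below is an added example, not part of the sandbox report, that applies the same heuristics to a constructed event list; the event tuples, the two paths reused from the report's Downloads section, the 50-rename threshold and the 90 percent dominant-extension share are illustrative assumptions, not values from the sandbox.

```python
"""Heuristic triage of file-system events for ransomware-style mass renames.

Added example; the events and thresholds are constructed for illustration.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample events: (operation, path, new_path_or_None).
# The first four are noise and staging writes; the remaining 60 are
# renames that append ".locked", the pattern the signature looks for.
SAMPLE_EVENTS = [
    # ordinary rename (stem changes, extension does not): not an added extension
    ("rename", r"C:\Users\Admin\Documents\report.docx",
     r"C:\Users\Admin\Documents\report_v2.docx"),
    # benign added extension (a single backup copy)
    ("rename", r"C:\Users\Admin\Documents\notes.txt",
     r"C:\Users\Admin\Documents\notes.txt.bak"),
    # two .tmp staging files; paths reused from the report's Downloads list
    ("create", r"C:\Program Files\7-Zip\7-zip.chm.tmp", None),
    ("create", r"C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp", None),
] + [
    ("rename", rf"C:\Users\Admin\Pictures\img{i:03d}.jpg",
     rf"C:\Users\Admin\Pictures\img{i:03d}.jpg.locked")
    for i in range(60)
]

PROGRAM_FILES_DIRS = {"program files", "program files (x86)"}


def added_extension(src, dst):
    """Return the suffix appended to src's filename by the rename, or None.

    Only a same-directory rename whose new name is the old name followed by
    '.something' counts; 'a.txt' -> 'a_v2.txt' or 'a.txt' -> 'a.txt' returns None.
    """
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent or d.name == s.name or not d.name.startswith(s.name):
        return None
    extra = d.name[len(s.name):]
    return extra if extra.startswith(".") else None


def triage(events, rename_threshold=50, dominant_share=0.9):
    """Count added-extension renames and Program Files writes; flag ransomware-like activity.

    The activity is flagged when at least rename_threshold files gained an
    extension and a single extension accounts for dominant_share of them,
    which separates mass encryption from scattered benign renames.
    """
    renamed = Counter()
    program_files_writes = 0
    tmp_staging = 0
    for op, path, new_path in events:
        if op == "rename":
            ext = added_extension(path, new_path)
            if ext:
                renamed[ext.lower()] += 1
        elif op == "create":
            p = PureWindowsPath(path)
            if any(part.lower() in PROGRAM_FILES_DIRS for part in p.parts):
                program_files_writes += 1
            if p.suffix.lower() == ".tmp":
                tmp_staging += 1
    total = sum(renamed.values())
    top_share = (renamed.most_common(1)[0][1] / total) if total else 0.0
    return {
        "renamed_with_added_extension": total,
        "extensions": dict(renamed),
        "program_files_writes": program_files_writes,
        "tmp_staging_files": tmp_staging,
        "ransomware_suspected": total >= rename_threshold and top_share >= dominant_share,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The dominant-share check matters in practice: a build or backup job can also rename hundreds of files, but it rarely gives every file the same new suffix across unrelated user directories.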

Processes

  • C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4572
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1416,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2904 /prefetch:8
    1⤵
      PID:236

    Network

    MITRE ATT&CK Matrix


    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp
      Filesize

      79KB

      MD5

      120959c1137f51bfcd8ef1cf7e99b99f

      SHA1

      62d7a63593467c1fb51f3ef775e97ca27f4d7a47

      SHA256

      7e0c98dc61f7df25570db7dac8561c20d17298b77fa8a891136b4ed0968c87d3

      SHA512

      aacdb3626c13c23c9d08e8338a63b145988db202005cd39794655a918c80106fe6f9f7743c36a6edb799e5e2597d1a2653e3d1ba56e83c8df4dd2d946a6f436d

    • C:\Program Files\7-Zip\7-zip.chm.tmp
      Filesize

      192KB

      MD5

      debf9e9f558a1a821c23e12d5d640356

      SHA1

      eb1d22384572b460c8dd5cc08bf9fbaa712ad9ca

      SHA256

      5b346512ef149c06c5cc863da68e43b5ef36a04d1b54c9f45699ad00b0a4026a

      SHA512

      d50bad9ce4187e46ce9f460d06a688739fa9812038666ecaa20a0dc6aa30e1b0a9a00a9278b6e9f81cbc51fc11e994fb8b3462b8d0c5f7288057c97c28e3cc98