Analysis

  • max time kernel: 149s
  • max time network: 125s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 14-06-2024 04:14

General

  • Target: a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
  • Size: 76KB
  • MD5: a171155929d0d8778c6bfe1a1ebab5d0
  • SHA1: 5a94285f1328fbd43d7df517839da3e7e4bee9f1
  • SHA256: 1f13c743e8dbc5621b4c7c031ce4abf368a904736543700751658371ae9a998e
  • SHA512: f631a1440362c2ea8dfc9f9eeabeddb20a0d5464a12d39edb38c71a8cbcc29f9382983371f7c4d0c426509993c498cdc992c8e672a71e86a89f295dfd88b8f27
  • SSDEEP: 1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m6911v:6e7WpP9oVLQthbYY9oVLQthbUrt7t5m6

Score
9/10

Malware Config

Signatures

  • Renames multiple (3460) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 1568

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp
    Filesize: 76KB
    MD5: a2e185bc451513f7348ef6f79a24c9dd
    SHA1: e4706b43c93e24224dd1d3357e4ff5eb10a70605
    SHA256: c0e7330a9537b6e6f8d3d951c966ee06cedb347fe75308f18d9199780bd11e92
    SHA512: 6bc15f6ab80629168443bb755bdda3e2f45a898de39cd9e5d8aedc8092c414397032a7dc7f070e8afb88aa2422b87c4b1d959a50e2ffa1195f3d7cc969a4c594

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 85KB
    MD5: 45465937a75d244743fe5dad9fe40415
    SHA1: e28c113a00b8f441cc2d745beb9691a4b2e4999a
    SHA256: 6e3d43f8462e077d552670c565b9650e75cb97d13038df69e6e0a13e4fc9cf0d
    SHA512: db01beb4a62de761d1bf07e6a3e78687c023cc00e04594d6d3fa56c8dc81606bf092fbf773030a51873af9baa56e7e46c23036ba35702d1546fbbeba2d80bbd5