Analysis

  • max time kernel
    149s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:14

General

  • Target

    a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe

  • Size

    76KB

  • MD5

    a171155929d0d8778c6bfe1a1ebab5d0

  • SHA1

    5a94285f1328fbd43d7df517839da3e7e4bee9f1

  • SHA256

    1f13c743e8dbc5621b4c7c031ce4abf368a904736543700751658371ae9a998e

  • SHA512

    f631a1440362c2ea8dfc9f9eeabeddb20a0d5464a12d39edb38c71a8cbcc29f9382983371f7c4d0c426509993c498cdc992c8e672a71e86a89f295dfd88b8f27

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m6911v:6e7WpP9oVLQthbYY9oVLQthbUrt7t5m6

Score
9/10

Malware Config

Signatures

  • Renames multiple (5197) files with added filename extension

    Mass renaming of existing files with an appended extension is the pattern left by ransomware encrypting files in place; the high count here suggests the sample attempted to encrypt files across the system.

  • Drops file in Program Files directory (64 IoCs)
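
Both signatures above are heuristics evaluated over the file-system events the sandbox recorded. The Python below is an added example, not Triage's own detection code: it re-implements the two heuristics over a constructed event log so the logic behind "renames N files with added extension" and "drops file in Program Files (N IoCs)" is explicit. The event format, the 100-rename threshold, the Program Files prefixes and the `.locked` extension in the sample data are assumptions; only the two dropped-file paths are taken from this report.

```python
"""Re-implementation of two sandbox heuristics from this report's Signatures
section over a constructed file-system event log.  Added example, not Triage's
own code; the event format, thresholds and the ".locked" extension are
assumptions."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional


class FsEvent(NamedTuple):
    op: str             # "create" or "rename"
    path: str           # created path, or source path of a rename
    new_path: str = ""  # destination path of a rename ("" for create)


# One extra extension appended to an otherwise unchanged name, e.g.
# "report.docx" -> "report.docx.locked".  Character set and length limit
# are assumptions, not the sandbox's rule.
_ADDED_EXT = re.compile(r"\.[A-Za-z0-9_-]{1,16}")

# Compared against a lower-cased path; both Program Files roots are assumed.
_PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the appended extension if `new` is `old` plus one extension, else None."""
    if not new.startswith(old):
        return None
    suffix = new[len(old):]
    return suffix if _ADDED_EXT.fullmatch(suffix) else None


def mass_rename_signature(events: List[FsEvent], threshold: int = 100) -> Optional[dict]:
    """'Renames multiple (N) files with added filename extension'.

    Counts renames that only append an extension, grouped by that extension,
    and fires once the total reaches `threshold` (the value is an assumption)."""
    by_ext: Counter = Counter()
    for ev in events:
        if ev.op == "rename":
            ext = added_extension(ev.path, ev.new_path)
            if ext:
                by_ext[ext] += 1
    total = sum(by_ext.values())
    if total < threshold:
        return None
    return {"count": total, "extensions": dict(by_ext)}


def program_files_drop_signature(events: List[FsEvent]) -> Optional[dict]:
    """'Drops file in Program Files directory', one IoC per distinct created path."""
    paths = sorted({ev.path for ev in events
                    if ev.op == "create" and ev.path.lower().startswith(_PROGRAM_FILES)})
    return {"iocs": len(paths), "paths": paths} if paths else None


def evaluate(events: List[FsEvent], threshold: int = 100) -> Dict[str, dict]:
    """Run both signatures; returns {signature name: details} for those that fired."""
    hits: Dict[str, dict] = {}
    renames = mass_rename_signature(events, threshold)
    if renames:
        hits["Renames multiple files with added filename extension"] = renames
    drops = program_files_drop_signature(events)
    if drops:
        hits["Drops file in Program Files directory"] = drops
    return hits


# Constructed sample log (not captured from the sandbox): the two dropped files
# named in this report, a benign rename that must not count, and 120 renames
# that append the hypothetical ".locked" extension.
USER_DOCS = "C:\\Users\\Admin\\Documents\\"
SAMPLE_EVENTS: List[FsEvent] = [
    FsEvent("create", "C:\\Program Files\\7-Zip\\7-zip.dll.tmp"),
    FsEvent("create", "C:\\$Recycle.Bin\\S-1-5-21-3558294865-3673844354-2255444939-1000\\desktop.ini.tmp"),
    FsEvent("rename", USER_DOCS + "notes.txt", USER_DOCS + "notes_old.txt"),
] + [
    FsEvent("rename", f"{USER_DOCS}doc{i}.docx", f"{USER_DOCS}doc{i}.docx.locked")
    for i in range(120)
]

if __name__ == "__main__":
    for name, details in evaluate(SAMPLE_EVENTS).items():
        print(name, details)
```

The rename heuristic fires on anything that appends an extension en masse, so a backup or archiving tool writing `.bak` copies over the originals trips it as well; what makes the ransomware reading plausible in this report is the size of the count (5197) together with the writes under Program Files by the same process.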

Processes

  • C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe"
    PID: 3688 (process tree depth 1)
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
    Filesize

    76KB

    MD5

    3fbe0e4153128f73765e8deec9b88851

    SHA1

    710028702792d56c8d5b853ffa3233da6d393da6

    SHA256

    e1b52c95f5a9560a9175a654fe02130eb9e045fb06b268b27b16762b9d57e86e

    SHA512

    ce016381ada5c9c104f8354934537a21c955d0f51dc1a2965467d1445f2eea3ddd6c84bd960f6d0fc84100f17be84e0357277f9709b240eecb79c40800d5adad

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    175KB

    MD5

    873608fbf843a4f2c8ac2ac10980497a

    SHA1

    d0c66ad76cbd576b1f1450f73d00d47566a20e0b

    SHA256

    7cff028a7db4ee2188074ae66a1800d5435c197819f41eb771e6ce317c8fb6ca

    SHA512

    bcf1733a45c4cd11857b4f01d9c151a94a8238d19bcafaa086eea51bfee88d64abf3fcaa409ea8b47c5906808d43bf6f1844e744b6ab558984d442e316af1e7a