Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:20

General

  • Target

    a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    a1b200d420ea0e0720cc99fa123a6e40

  • SHA1

    102bb3088358c1e8b809565c7cf0c6ebdc62ebb0

  • SHA256

    badb5f9b6d027fc3a25c0d7ccfafd11eb73154614717f1eb265d6c2e860827dc

  • SHA512

    9122d210fa2c34d26cefde86d06524e886b40502d1350ed0a7706d9dcbf62a0ea16d86bcb5193279e35c644ac2114894274043f05de8261f64d4070c1694408b

  • SSDEEP

    768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFmzWzXUS:67Zf/FAxTWY1++PJHJXA/OsIZpPEIUW

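A quick triage check to pair with the hashes above (an added example, not part of the report and not the sandbox's own code): recompute the four digests the report lists, compare the SHA256 against the reported value, and walk the PE section table for the UPX0/UPX1 names that stock UPX leaves behind, which is the cheap form of the "UPX packed file" signature further down. `build_fake_pe` is a constructed stand-in that carries only the header fields the parser reads; pass a real sample path as the first argument instead.

```python
import hashlib
import struct
import sys

# SHA256 the report lists for the sample; used to confirm we hold the same file.
REPORTED_SHA256 = "badb5f9b6d027fc3a25c0d7ccfafd11eb73154614717f1eb265d6c2e860827dc"

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a buffer, the same four digests the report shows."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> bool:
    """True when the buffer is the sample the report describes."""
    return hash_bytes(data)["sha256"] == REPORTED_SHA256


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)    # IMAGE_FILE_HEADER.NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)       # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]                                   # IMAGE_SECTION_HEADER.Name
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (and UPX2 with resources).
    Modified UPX builds frequently rename them, so False here does not rule
    packing out; the report's own signature also covers "modified UPX", which
    needs entropy or unpacker-stub checks beyond this name test."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed stand-in for a real sample: minimal PE32 layout with the given section names."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew -> directly after DOS header
    opt_size = 224                                                  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(SECTION_HEADER_SIZE - 8)
                     for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    for alg, digest in hash_bytes(data).items():
        print(f"{alg:6} {digest}")
    print("matches report SHA256:", matches_report(data))
    print("sections:", pe_section_names(data), "UPX-named sections:", looks_upx_packed(data))
```

The parser deliberately stops at the section names; it does not trust SizeOfImage or section sizes, which packers routinely leave inconsistent, so it cannot be steered into reading past the buffer.
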
Score
9/10

Malware Config

Signatures

  • Renames multiple (3761) files with added filename extension

    This pattern is consistent with ransomware encrypting files across the system and tagging each one with an added extension. The signature keys on the rename count, not on file contents, so confirm encryption by inspecting one of the renamed files before treating the sample as a cryptor.

  • UPX packed file (4 IoCs)

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory (64 IoCs)

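The two behavioural signatures above are simple counting rules over the file-system trace, and they are easy to reproduce outside the sandbox. Below is an added example (not part of the report, not the sandbox's detection code) that implements both heuristics over a constructed trace: `appended_extension` accepts only a rename whose destination is the original name plus one more dotted suffix (a swapped extension does not count), `mass_rename_by_pid` flags a process once it exceeds a threshold, and `program_files_drops` counts file creations under either Program Files root. The `FileEvent` schema, the `.enc` suffix and every path in `SAMPLE_EVENTS` are invented for the example; the report names neither the extension nor the renamed paths.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Roots the "Drops file in Program Files directory" rule watches (lower-cased for comparison).
PROGRAM_FILES_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")


@dataclass(frozen=True)
class FileEvent:
    """One file-system event from a sandbox or EDR trace (hypothetical schema)."""
    pid: int
    op: str              # "rename" or "create"
    path: str            # rename: original path; create: path of the new file
    new_path: str = ""   # rename only: destination path


def appended_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the suffix appended to old_path to form new_path, e.g. ".enc"; None otherwise.
    Windows paths are case-insensitive, so compare lower-cased. A rename that merely
    swaps the extension (draft.tmp -> draft.docx) is not an "added extension"."""
    old, new = old_path.lower(), new_path.lower()
    if new.startswith(old) and len(new) > len(old) + 1 and new[len(old)] == ".":
        return new[len(old):]
    return None


def mass_rename_by_pid(events, threshold: int = 100) -> dict:
    """Per PID: count of appended-extension renames and the set of suffixes used,
    keeping only PIDs at or above threshold. The report's sample hit 3761."""
    hits = defaultdict(lambda: {"count": 0, "extensions": set()})
    for ev in events:
        if ev.op != "rename":
            continue
        ext = appended_extension(ev.path, ev.new_path)
        if ext is None:
            continue
        hits[ev.pid]["count"] += 1
        hits[ev.pid]["extensions"].add(ext)
    return {pid: hit for pid, hit in hits.items() if hit["count"] >= threshold}


def program_files_drops(events) -> dict:
    """Per PID: number of files created under C:\\Program Files or C:\\Program Files (x86)."""
    drops = defaultdict(int)
    for ev in events:
        if ev.op == "create" and ev.path.lower().startswith(PROGRAM_FILES_ROOTS):
            drops[ev.pid] += 1
    return dict(drops)


def signatures(events, rename_threshold: int = 5) -> list:
    """Render findings in the same shape as the report's signature lines."""
    out = []
    for pid, hit in sorted(mass_rename_by_pid(events, rename_threshold).items()):
        out.append(f"PID {pid}: renames multiple ({hit['count']}) files with added "
                   f"filename extension {sorted(hit['extensions'])}")
    for pid, n in sorted(program_files_drops(events).items()):
        out.append(f"PID {pid}: drops file in Program Files directory ({n} IoCs)")
    return out


# Constructed sample trace. PID 2548 appends ".enc" to six user files and writes two
# files under Program Files; PID 1000 is benign background activity, including one
# legitimate appended-extension rename (a .bak copy) that stays below threshold.
SAMPLE_EVENTS = [
    FileEvent(2548, "rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.enc"),
    FileEvent(2548, "rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.enc"),
    FileEvent(2548, "rename", r"C:\Users\Admin\Pictures\IMG_0001.jpg", r"C:\Users\Admin\Pictures\IMG_0001.jpg.enc"),
    FileEvent(2548, "rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.enc"),
    FileEvent(2548, "rename", r"C:\Users\Public\Music\track.mp3", r"C:\Users\Public\Music\track.mp3.enc"),
    FileEvent(2548, "rename", r"C:\MSOCache\All Users\Office64WW.xml", r"C:\MSOCache\All Users\Office64WW.xml.enc"),
    FileEvent(2548, "create", r"C:\Program Files\Common Files\readme.tmp"),
    FileEvent(2548, "create", r"C:\Program Files (x86)\Vendor\config.dat"),
    FileEvent(1000, "rename", r"C:\Users\Admin\Desktop\draft.tmp", r"C:\Users\Admin\Desktop\draft.docx"),
    FileEvent(1000, "rename", r"C:\Users\Admin\Desktop\todo.txt", r"C:\Users\Admin\Desktop\todo.txt.bak"),
    FileEvent(1000, "create", r"C:\Users\Admin\AppData\Local\Temp\cache.bin"),
]


if __name__ == "__main__":
    for line in signatures(SAMPLE_EVENTS):
        print(line)
```

The threshold is the tuning knob: a backup tool or an editor's `.bak` habit produces a handful of appended-extension renames per process, a cryptor produces thousands within seconds, so pair the count with a time window in a production rule.
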
Processes

  • C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe"
    PID: 2548 (process tree depth 1)
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
    Filesize

    73KB

    MD5

    718e17a45734eb464336f122379d54e9

    SHA1

    6c279f7de47b8950990f2eb1b81bf0f58b53b663

    SHA256

    c7565bb7f938a436ab49b69814d38fb0a54d4c3af880f202ccb263e735f61707

    SHA512

    d172315362c364dab85e568ae6fb7056b606ddee92369893b2bc761eaad9f59e9eaee66d268dbd766772b5c6ab53fa231d8e4a672c1e2bd6361d7c6854c2c36a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    82KB

    MD5

    ed2b621ad79b3744db4a064f7c1ce000

    SHA1

    0b6c43cf3548e9a2e127ece1d5ec3ce01a40b095

    SHA256

    ab568c3821fe61f50af0a498e41d4d80b9b4d2fa447eec113d319ed8bebfbb88

    SHA512

    331b130e9b6940c4b141a3029d6e4470bb09e1a020ed14a98aa409162ac49c4752d4f5232a5d4ebda79a9e1eb5bb6beb3dc1e01377223ab4f6712bc2a5ea5106

  • memory/2548-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/2548-654-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB