Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:20

General

  • Target

    a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    a1b200d420ea0e0720cc99fa123a6e40

  • SHA1

    102bb3088358c1e8b809565c7cf0c6ebdc62ebb0

  • SHA256

    badb5f9b6d027fc3a25c0d7ccfafd11eb73154614717f1eb265d6c2e860827dc

  • SHA512

    9122d210fa2c34d26cefde86d06524e886b40502d1350ed0a7706d9dcbf62a0ea16d86bcb5193279e35c644ac2114894274043f05de8261f64d4070c1694408b

  • SSDEEP

    768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFmzWzXUS:67Zf/FAxTWY1++PJHJXA/OsIZpPEIUW

Score
9/10

Malware Config

Signatures

  • Renames multiple (5235) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1272

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    73KB

    MD5

    6f819bbb7dcb2da2d8ebd3bc3e6ba7de

    SHA1

    32d953b00a486537ec587298e36d270701a335cb

    SHA256

    6d73fd4eaf710c0748bb3c69a27dd836bf54e2078f6b71573381986be2368a23

    SHA512

    483e87b7b81fee9e7858370a6a9c6276bd42b522518e9d096f6898a18ce267464cea672b6594c8d7515e729675977538ffdccacbf9772e14bfa86b34be80d372

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    172KB

    MD5

    226fba38d23035525cf8e375c079cf79

    SHA1

    512b2a6729da7314758bd4d91de457df838d74e9

    SHA256

    7393c99e0c2ebf7b9fea5513e6de7bc86a6fe0f73ef24f1fdb34e568c3b4abcf

    SHA512

    b8800b72309073547bfcbdb5836b27cbc88c6d59d52e7751fbb50ce1da6286d1ed63a8644ad9a17590eb4248cce727fba0d674d912e9e582af48628ac5c4fba0

  • memory/1272-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/1272-1952-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB