Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:21

General

  • Target

    a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe

  • Size

    84KB

  • MD5

    a1ca54da009621d5ea573935c915f960

  • SHA1

    48ad6bb4f1e79701ae6c316d19a48068ae39cb3d

  • SHA256

    511092292fb93602bc0ad8658a15db4194a26a682f9fb9aa4bdb5c0170dcd76c

  • SHA512

    c2c3ccd379c0eb7f1a7f8cfb258f33997cbacd021eeee5dd734b0b8fee073e48b66ab7043ecb2b555761f00ccd5af656198ffedaaaeff9c031a8f00cf0ae3a03

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhq:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs/

Score
9/10

Malware Config

Signatures

  • Renames multiple (3459) files with an added filename extension

    Mass renaming of files by appending an extension suggests ransomware activity: the sample is encrypting files across the system and renaming each one as it goes. The count (3459 files inside the 150s kernel window) is far above what legitimate software such as backup or save-as routines produces.

  • Drops file in Program Files directory (64 IoCs)
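The rename signature above is a count-based heuristic: many rename events from one process, each producing old-name plus an appended extension, inside a short window. The following is an added example (not part of the sandbox report or its signature engine) of that detection logic run over constructed rename events. The event tuples, the PID 2452 reuse, the ".tmp" extension (chosen to mirror the file names listed under Downloads) and the threshold of 100 renames per 60 seconds are all assumptions for illustration; a real feed would come from Sysmon, ETW or an EDR file-rename telemetry source.

```python
"""Detect mass rename-with-added-extension activity (ransomware heuristic).

Added example, not code from the sandbox. Events are constructed inline:
(timestamp, pid, old_path, new_path).
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath  # splits Windows paths correctly on any host OS


def added_extension(old_path, new_path):
    """Return the appended extension if new_path is old_path + '.<ext>' in the
    same directory (directory compare is case-insensitive), else None.
    Rejects multi-part additions such as '.tar.gz' and empty extensions."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    ext = new_name[len(old_name):]
    if len(ext) < 2 or "." in ext[1:]:
        return None
    return ext


def flag_mass_rename(events, threshold=100, window_seconds=60):
    """Return {pid: (peak_count, [extensions])} for every process that performed
    at least `threshold` add-extension renames within any `window_seconds` span."""
    window = timedelta(seconds=window_seconds)
    per_pid = defaultdict(list)
    for ts, pid, old, new in events:
        ext = added_extension(old, new)
        if ext:
            per_pid[pid].append((ts, ext))

    hits = {}
    for pid, items in per_pid.items():
        items.sort()
        start, peak = 0, 0
        # sliding window over the sorted timestamps
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[pid] = (peak, sorted({e for _, e in items}))
    return hits


# Constructed sample events (assumed, not taken from the report).
BASE = datetime(2024, 6, 14, 4, 21, 0)
SAMPLE_EVENTS = []
# pid 2452: 150 renames appending ".tmp", one every 200 ms (30 s total)
for i in range(150):
    old = rf"C:\Users\Admin\Documents\file{i}.docx"
    SAMPLE_EVENTS.append((BASE + timedelta(milliseconds=200 * i), 2452, old, old + ".tmp"))
# pid 1234: benign activity, a save-as and a single backup copy
SAMPLE_EVENTS += [
    (BASE + timedelta(seconds=5), 1234,
     r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report_v2.docx"),
    (BASE + timedelta(seconds=6), 1234,
     r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.bak"),
]


def run_sample():
    """Apply the heuristic to the constructed events."""
    return flag_mass_rename(SAMPLE_EVENTS)


if __name__ == "__main__":
    for pid, (count, exts) in run_sample().items():
        print(f"pid {pid}: {count} add-extension renames in window, extensions {exts}")
```

The window and threshold need tuning per environment: archivers, backup agents and Office save paths also rename with an appended extension, but they do so at far lower rates and rarely with a single uniform extension across thousands of files, which is why the extension set is returned alongside the count.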

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2452

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
    Filesize

    84KB

    MD5

    2044bd36539eef902c5574e0adac1bf9

    SHA1

    78558b0614e1be2b3be53a37aea05027392c55f5

    SHA256

    b0b4b71415fab2a5d5be94de335274eed359456ebebbfc00abeaa64520f00e4d

    SHA512

    deb931be3a34e420e95e20eeb603db26524166910c87c712e159e1ccaf1d25c7d4975ce776e3067417de15d10e207c1f9414ea4acf3f00762328e876117383c6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    93KB

    MD5

    429d6d1ea4f5ee9f99d719a105f3cf28

    SHA1

    f49627efcdf596086bd0d1db42d1a75698f9800b

    SHA256

    d8e517daf1779ab3ef1f723b5bdcdd1bbc2e4088ad972c631cb4aa7920b569ff

    SHA512

    9991001f1a636852156ceb9d513d76308097c6deb4a75c227af300f6671170dd995d12f681eb5ab092ffc1ec2d3ebf928fabbd88546b833170cb485faca08653