Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:21

General

  • Target
    a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
  • Size
    84KB
  • MD5
    a1ca54da009621d5ea573935c915f960
  • SHA1
    48ad6bb4f1e79701ae6c316d19a48068ae39cb3d
  • SHA256
    511092292fb93602bc0ad8658a15db4194a26a682f9fb9aa4bdb5c0170dcd76c
  • SHA512
    c2c3ccd379c0eb7f1a7f8cfb258f33997cbacd021eeee5dd734b0b8fee073e48b66ab7043ecb2b555761f00ccd5af656198ffedaaaeff9c031a8f00cf0ae3a03
  • SSDEEP
    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhq:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs/

Score
9/10

Malware Config

Signatures

  • Renames multiple (5031) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3560

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
    Filesize
    84KB
    MD5
    9a4625eae95d41b6df6454093b76faf2
    SHA1
    c3641e9afa700b9495a11f46678ac8663c33575a
    SHA256
    3c1ea4836639741c6064c5213445e4cae45d157b5b30b647e8144c4e15228a97
    SHA512
    44d390982edecd3ff9c8e74484574003d58518750a0804c566d0a048802eb565781ddb38079b293c5961da93ce08c2a839afc4227404a899eb75d699e2aea4b3

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    183KB
    MD5
    fa21c45daf75be47af8392feae7beec1
    SHA1
    6d39068522b8446f57f93ea0770aaae1635f8aaa
    SHA256
    17e39e7adf2e381cbca42994ccf03b80ce50628435420c8d31b96b383234bac1
    SHA512
    099dfb95a44ca37f061a287a8ceb348be99222ad4996b0461ce4d6651b0769de34bab3619b48aae64bcf9b9d2029674f4740b331a0673db209509914c79d8432