Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:41

General

  • Target

    a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe

  • Size

    44KB

  • MD5

    a2dd955e9f14500ae17e7476332e61a0

  • SHA1

    eb78da914282ccff3c8503d9ea6c833ede975525

  • SHA256

    02c08dca00a93be13c68b3dd0f769fa8abae118ed06627a1f4c459da0b8fa2c6

  • SHA512

    ed50f9a7393b86467404693d64f19acced1e677755ed7b001706a518827d54589ab154c0529feccefb482251a6841442c40a24b8487405728408701b93cedb97

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDu:W7BlpNLpARFbhblkYlkuvIYFWcDYcDu

Score
9/10

Malware Config

Signatures

  • Renames multiple (5326) files with added filename extension

    This is consistent with ransomware encrypting files across the system and appending a new extension to each renamed file.

  • Drops file in Program Files directory (64 IoCs)
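The first signature above is a threshold heuristic: many rename events from one process where the new name is the old name plus an appended extension. The following is an added example of that heuristic in Python, not the sandbox's own detection code; the event line format, the sample events, the process IDs and the threshold are constructed for the example.

```python
"""Mass-rename (appended-extension) heuristic over file-rename events.

Added example, not the sandbox's own signature code. The event format
"<pid> RENAME <old path> -> <new path>" and the sample events below are
constructed for this example.
"""
from collections import Counter, defaultdict
import ntpath  # Windows path handling regardless of the host OS
import re

EVENT_RE = re.compile(r"^(?P<pid>\d+) RENAME (?P<old>.+?) -> (?P<new>.+)$")


def appended_extension(old: str, new: str):
    """Return the extension appended to `old` to produce `new`, else None.

    Only a pure append counts: 'a.docx' -> 'a.docx.tmp' qualifies, but
    'a.docx' -> 'a.tmp' (extension replaced) and a rename that also moves
    the file to another directory do not.
    """
    if ntpath.dirname(old).lower() != ntpath.dirname(new).lower():
        return None
    old_name, new_name = ntpath.basename(old), ntpath.basename(new)
    if not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    if len(suffix) < 2 or not suffix.startswith("."):
        return None
    return suffix


def mass_rename_report(lines, threshold):
    """Return sorted (pid, suffix, count) for every (pid, suffix) pair whose
    appended-extension rename count reaches `threshold`."""
    counts = defaultdict(Counter)
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # not a rename event (constructed format)
        suffix = appended_extension(m["old"], m["new"])
        if suffix:
            counts[int(m["pid"])][suffix] += 1
    hits = [
        (pid, suffix, n)
        for pid, per_suffix in counts.items()
        for suffix, n in per_suffix.items()
        if n >= threshold
    ]
    return sorted(hits)


# Constructed sample events: PID 4416 appends ".tmp" to six documents
# (counts), replaces one extension (does not count) and moves one file
# while appending (does not count); PID 1408 appends once (below threshold).
SAMPLE_EVENTS = [
    rf"4416 RENAME C:\Users\Admin\Documents\doc{i}.docx -> "
    rf"C:\Users\Admin\Documents\doc{i}.docx.tmp"
    for i in range(6)
] + [
    r"4416 RENAME C:\Users\Admin\Pictures\x.jpg -> C:\Users\Admin\Pictures\x.tmp",
    r"4416 RENAME C:\Users\Admin\Downloads\y.pdf -> C:\Users\Admin\Desktop\y.pdf.tmp",
    r"1408 RENAME C:\Users\Admin\AppData\Local\Temp\z.log -> "
    r"C:\Users\Admin\AppData\Local\Temp\z.log.tmp",
]

if __name__ == "__main__":
    for pid, suffix, n in mass_rename_report(SAMPLE_EVENTS, threshold=5):
        print(f"pid {pid}: {n} files renamed with appended extension {suffix}")
```

The threshold of 5 is an assumption for the example; the sandbox's own cut-off is not stated on this page. Requiring the directory to stay the same and the old name to be a prefix of the new one keeps ordinary extension changes and file moves from inflating the count.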

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4416
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4232,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:8
    PID:1408

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
      Filesize

      45KB

      MD5

      404d1471841c7b7ede7ba526fb48a25f

      SHA1

      e9d53e49a86f3ee67d5b65f5cebe593ce8d05034

      SHA256

      d17259aad0f02afa734432b02acaa965747f4432c9da4647ee2fde86ccc2f09a

      SHA512

      f410d6b604cb8f73ecfbc9d2ed034f888a2ce81ad2511ca550f13d00f79b16a64b3edf38a7d44f97cba7963b43587f13fc13c8ccc6b14c94b67641ab3a84a993

    • C:\Program Files\7-Zip\7-zip.chm.tmp
      Filesize

      157KB

      MD5

      97e69308ec479e34596d68d9c9d20e06

      SHA1

      2965088bea301281ad24b52e1c51ad2781073a66

      SHA256

      185a217188c06c8e93aa63ce24d0958d9b8cd61371266c7b5d0f7c66aa74f4a7

      SHA512

      0b8b6681835488c279e582d37f89f37ccb4246ae45479ece70758710a5caac0a1922002e2e9f2284c761c685104bbd84bb3747e6f9f302cd7897eb0db8f64e84