Analysis

  • max time kernel
    148s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:51

General

  • Target

    a39e7ae746ae617e704a2bbcf25da6b0_NeikiAnalytics.exe

  • Size

    56KB

  • MD5

    a39e7ae746ae617e704a2bbcf25da6b0

  • SHA1

    afe7c84cae4ee71a1e61347616213977dbeb8e23

  • SHA256

    4ba10627df4e3a119ae70d80695f761d7f22754bf753fe2079c61d9f68dc03d4

  • SHA512

    b51187b919415da4c5016129907dbf3b3ee840acaf05eab9f7959277984e8e2842e4d7cec407e3c71324ae04304c635caee8c1b2bd7b875939eefb8948c29084

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLKWtK:KQSohsUsUK5

Score
9/10

Malware Config

Signatures

  • Renames multiple (1029) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a39e7ae746ae617e704a2bbcf25da6b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a39e7ae746ae617e704a2bbcf25da6b0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2924

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
    Filesize

    57KB

    MD5

    99e9833f8cc441557482b48a70c991df

    SHA1

    3e056d3860aaff1ac32e92a3e19df9c3fa72d986

    SHA256

    c16030b99c33fb85d0a0654dcecba7c33a81094d51f912fdcb7a675eec2aee27

    SHA512

    7c6d357e130f821775feb8bad02ff44d1ff0fc793bf54923a117e3b9d45a449d45073f613a07ce1ea1c005bc291f9080cccdd625741af08094d3d56479c75e82

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    66KB

    MD5

    b4ed52226d15512089e32e99768eb33c

    SHA1

    097ba8205eea281e0788d1aa8305467be13222aa

    SHA256

    ece8508db77fe41ebe515d8a3f61c82fe5c81d2ca5c9fd3a1f5cc8fc4192ee0a

    SHA512

    9c7cd1cfde776a2f3f246205d1f22958675bc5df1ca73264570e4eced6894c42e45d49cc49f53bc542412aaf07b861ef5b723c2e47960de9d83c2d8571ef4988

  • memory/2924-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/2924-26-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB