Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:51

General

  • Target

    a39e7ae746ae617e704a2bbcf25da6b0_NeikiAnalytics.exe

  • Size

    56KB

  • MD5

    a39e7ae746ae617e704a2bbcf25da6b0

  • SHA1

    afe7c84cae4ee71a1e61347616213977dbeb8e23

  • SHA256

    4ba10627df4e3a119ae70d80695f761d7f22754bf753fe2079c61d9f68dc03d4

  • SHA512

    b51187b919415da4c5016129907dbf3b3ee840acaf05eab9f7959277984e8e2842e4d7cec407e3c71324ae04304c635caee8c1b2bd7b875939eefb8948c29084

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLKWtK:KQSohsUsUK5

Score
9/10

Malware Config

Signatures

  • Renames multiple (5036) files with added filename extension

    This pattern is consistent with ransomware encrypting files across the system and marking each one by appending an extension.

  • UPX packed file (4 IoCs)

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory (64 IoCs)
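The two behavioural signatures above can be reproduced outside the sandbox. The block below is an added example, not the sandbox vendor's detection code: it scores a list of file rename events for the "append an extension to many files" pattern and parses a PE section table for the UPX0/UPX1 names that stock UPX leaves behind. The rename events, the ".locked" extension, the threshold of 3 and the minimal PE header built by build_fake_pe are all constructed for illustration and are not taken from the report.

```python
import struct
from collections import Counter

# Constructed sample of (old_path, new_path) rename events, not from the report.
SAMPLE_RENAMES = [
    (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.locked"),
    (r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    # Benign renames: a rename that changes the base name, and a move to a subfolder.
    (r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Downloads\setup_old.exe"),
    (r"C:\Temp\a.txt", r"C:\Temp\sub\a.txt"),
]


def appended_extension(old_path, new_path):
    """Return the extension appended to old_path, or None when the rename is
    anything other than old_path + '.' + ext (same directory, same base name)."""
    if not new_path.startswith(old_path + "."):
        return None
    ext = new_path[len(old_path) + 1:]
    # Reject an empty suffix and anything that is really a move into a new directory.
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext.lower()


def mass_rename_report(events, threshold):
    """Count extension-appending renames per extension and flag any extension
    whose count reaches threshold (the sandbox counted 5036 such renames)."""
    counts = Counter()
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is not None:
            counts[ext] += 1
    flagged = [ext for ext, n in counts.items() if n >= threshold]
    return {"counts": dict(counts), "flagged": sorted(flagged)}


def pe_section_names(data):
    """Walk the PE headers by hand and return the section names; raise
    ValueError when the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    names = []
    for i in range(nsections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; the name is the first 8
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Heuristic: stock UPX names its sections UPX0/UPX1/UPX2. A modified UPX
    build can rename them, so a miss here does not prove the file is unpacked."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Construct a minimal, non-executable PE header with the given section names
    so the parser can be exercised offline (constructed test input, not a real sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header directly after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b""
    for name in section_names:
        sections += name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    print(mass_rename_report(SAMPLE_RENAMES, threshold=3))
    print(looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
    print(looks_upx_packed(build_fake_pe([".text", ".data", ".rsrc"])))
```

The rename check deliberately ignores moves and base-name changes so that ordinary user activity does not count toward the threshold; in a real feed the threshold should be tuned per environment, and the section-name test should be paired with an entropy check on the sections, since a repacked or renamed UPX stub keeps the high entropy but loses the tell-tale names.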

Processes

  • C:\Users\Admin\AppData\Local\Temp\a39e7ae746ae617e704a2bbcf25da6b0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a39e7ae746ae617e704a2bbcf25da6b0_NeikiAnalytics.exe"
    PID: 4616
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp
    Filesize

    57KB

    MD5

    411e50fc3201716cb3fe145d30f85c41

    SHA1

    ceb39be099bfa9c4628876693050da2bbccb2696

    SHA256

    19072c231aa080f2346baafd256faf6cf2d487864b731cf1514f8ba9fec686a8

    SHA512

    9dfaaaa6bf7bff2885b6d6a3556d110ce1e26bf526e6d2599a28c3152ecdb3b90503c69969ff139c3af16ecc36ce15e793769978f5978b89ca2ac7d20a8f5560

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    155KB

    MD5

    ef24691dba969166095ca10bb58e2282

    SHA1

    254b3b1c5943f000848719d318b0e4dfad1aa92e

    SHA256

    4eac50175afe6e6189a1f43f4fc40355346abc64eb83f6cb29387356be78a7b2

    SHA512

    7ede408d01e7d8740b81ee7cafb54ccb0b77793283e4a28cd8211218a126993c16c10a609cb9e233be870b820db904b2e24593cc7315b4cfffa9e84b2d30a907

  • memory/4616-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/4616-1056-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB