Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:56

General

  • Target

    a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe

  • Size

    44KB

  • MD5

    a40976b5441acb9163e177b462d75b10

  • SHA1

    f88f9b104c4688a1fdb60e85148635e82eb47e2d

  • SHA256

    4d5077fab12be489d18ffe985356420a95f1d7b1727a9d732df048f76360ace4

  • SHA512

    7e1bf083cf43685665755b32cbca1bb7ec7fb5f16ed4ae57227794c68db9ff7ec4b90d66745a3eae0e32dcfb5015b638dbc65ffb216193d5d8b2bf9205379517

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDy:W7BlpNLpARFbhblkYlkuvIYFWcDYcDy

Score
9/10

Signatures

  • Renames multiple (1358) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and given an extra extension on top of their original one.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe"
    PID: 4832
    • Drops file in Program Files directory
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
    PID: 380
    Both entries sit at the root of the process tree; the Edge process is not a child of the sample, and its command line is a standard Edge utility (AssetStoreService) process, so it reads as background activity of the sandbox image rather than something the sample spawned.

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

    Filesize

    45KB

    MD5

    3efe00b8680fdc912af6b49c3eaba8ef

    SHA1

    980210fae5ac9b6edbe4e92a5d5f0bbf5a535855

    SHA256

    989768a0ac992ef09125f7c48b9a06c256bfa05aaf9a41465cfa62e12e26c5ce

    SHA512

    8611f1d4d15a6a7985bd7e449d70e4b726832b96fb38707ab4e6b9d5ba53072fcf14980affa84985b3e135fa8d4b559a596ea87591f354470033606a55cd99f0

  • C:\libsmartscreen.dll.tmp

    Filesize

    44KB

    MD5

    3d31c842b21f38ca35b3d43e6fc35b69

    SHA1

    0f25adcedaf19a59bfe679d677f9d990da24716a

    SHA256

    a14d8311ceb32496de546ba26a8ea22af5490f6bb438d2a42b82b49e80d1b33d

    SHA512

    2284752f16e5bd762f36dc03d47fba8adfa43001428ae6874fd8736ebaa36379f5e4f439af5572c80c2eeda23298e6d8bf3b41db78be99f00e6c1e1376bf5b5a
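As an added example (not part of this report and not the sandbox's own tooling), the script below turns the two findings on this page into a host-side sweep: it counts files that carry an extra extension on top of an existing one, which is the pattern behind the "renames multiple files with added filename extension" signature, and it hashes every file against the SHA256 values listed for the sample and its two dropped files. The hashes are copied from the report; the `.tmp` extension is taken from the dropped file names; the rename threshold, the `sweep` and `build_demo_tree` helpers and the constructed demo directory are assumptions chosen for illustration.

```python
"""Hypothetical IOC sweep built around the findings in the sandbox report above.
Added example; not part of the report or of the sandbox's tooling."""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA256 values copied from the report; labels are the report's file names.
REPORT_SHA256 = {
    "4d5077fab12be489d18ffe985356420a95f1d7b1727a9d732df048f76360ace4":
        "a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe",
    "989768a0ac992ef09125f7c48b9a06c256bfa05aaf9a41465cfa62e12e26c5ce":
        "desktop.ini.tmp",
    "a14d8311ceb32496de546ba26a8ea22af5490f6bb438d2a42b82b49e80d1b33d":
        "libsmartscreen.dll.tmp",
}

# Extension the dropped files in the report carry on top of their original one.
APPENDED_EXT = ".tmp"


def sha256_of(path):
    """Streamed SHA256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def has_appended_extension(name, ext=APPENDED_EXT):
    """True when `ext` sits on top of an existing extension (desktop.ini.tmp),
    False for a plain temp file (scratch.tmp) or an untouched file (notes.txt)."""
    if not name.lower().endswith(ext):
        return False
    return Path(name[:-len(ext)]).suffix != ""


def sweep(root, threshold=50, known=REPORT_SHA256):
    """Walk `root`, count appended-extension renames and hash every file
    against `known`. `threshold` is an assumed tuning value; the report
    observed 1358 renames, far above it."""
    renamed, hash_hits = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if has_appended_extension(name):
                renamed.append(path)
            try:
                digest = sha256_of(path)
            except OSError:
                continue  # locked or vanished file; keep sweeping
            if digest in known:
                hash_hits.append((path, known[digest]))
    return {
        "renamed_count": len(renamed),
        "mass_rename": len(renamed) >= threshold,
        "renamed": renamed,
        "hash_hits": hash_hits,
    }


def build_demo_tree(renamed=60):
    """Constructed sample tree (not sandbox output): `renamed` documents that
    carry the appended extension plus two benign files that must not count."""
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    for i in range(renamed):
        Path(root, f"report{i}.docx{APPENDED_EXT}").write_bytes(b"x" * 16)
    Path(root, "notes.txt").write_bytes(b"clean")
    Path(root, "scratch.tmp").write_bytes(b"plain temp file, no original extension")
    return root


if __name__ == "__main__":
    result = sweep(build_demo_tree())
    print(f"renamed files: {result['renamed_count']}, mass rename: {result['mass_rename']}")
    print(f"hash hits: {result['hash_hits']}")
```

Point `sweep` at a user profile or a file share and lower `threshold` for a quick look, or raise it on hosts where `.tmp` renames are routine. Hash matching here is exact SHA256 only; the SSDEEP value in the report would need a fuzzy-hashing library and is deliberately left out.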