Analysis

  • max time kernel
    150s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14-06-2024 04:58

General

  • Target

    a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe

  • Size

    66KB

  • MD5

    a419ad3521ceb5689b80f80f1e95d660

  • SHA1

    177b2fff3bc762aa73a92a281d19f1a2ccf6c102

  • SHA256

    27358220913ebc75247c5fc21a5a9e15cb418d4b740e50df687e7655b88c6326

  • SHA512

    c09c1bf2751b494102cc54b8cbbc706b317e438003adbb4c65add892b31551fe2e30478cb2dfb25a5f2a4f60f565d534f3f7b0b52afe297f5b0a6c4f89fd019f

  • SSDEEP

    768:W7BlphA7pARFbhvOsTKnKqtSpFCpF0YSiJgUpFpgFi101tlktRN8kgXZOXcvlkt+:W7ZhA7pApvOsOKjC0YSilpFpfkJOMCzs

Score
9/10

Malware Config

Signatures

  • Renames multiple (5249) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4304

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
    Filesize

    67KB

    MD5

    d7356f16f685ab88583bf73f4409664b

    SHA1

    a8003070689d0dc69323bcb92dc4b77d17a317a2

    SHA256

    99bd41c915fa89454b87eb1419cb4cfc4751d8369391590c9783e3fe6c56f5d8

    SHA512

    501d9f32f7d33cd5da694ae4a3b52ad791e443cd1d1aa8ef6deab29cfe4c44f099ac90fe200e9357f963b78816cd44a87db6fb913d29388a9bcd3ddcb7aa16cd

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    165KB

    MD5

    cbb3e69bb900ea194299ff6d12d0168d

    SHA1

    5a4cce13051f0a2977ff4bb3d1813db5602529b8

    SHA256

    6b3bcb8ce7419319f40c9ab1c291da105f32ee2d5362253a37ce18f1e58b8193

    SHA512

    699d30e38ec6757738d1f7d7fd4290d7b9b3821f6eeb3ff157dfa21bb39b9f470e075c850902f67393bb7de4d1183ccf60900a6a33136799f8eecd1eb05e382c