Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 05:00

General

  • Target

    a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe

  • Size

    316KB

  • MD5

    a43cf3656d6ffc79a07f80f00e4f3b90

  • SHA1

    ffb8effd2b8659224eba62eaec1b11081e6e2100

  • SHA256

    e640f79b50024d7c43ff90195ccdb2493d7dd6d2261e9473bcb0721251ff0f16

  • SHA512

    0fa834bc8e09b5d7b7fc9fcda2f8843b021a540fdd653dc0740008c43e9bac30cc7d32a51c12b2a1119f658251a36782c08d1da368efe874a0c6a66d7aee132d

  • SSDEEP

    6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtv:3PxPir9RyiIuGcKbpaSL4vtv

Score
9/10

Malware Config

Signatures

  • Renames multiple (2844) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and each one renamed with an added extension.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe (PID 1732)
    Command line: "C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe"
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads (files written during analysis)

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
    Filesize

    317KB

    MD5

    c71c4fce7f0761b8a55ede5e50ff49e2

    SHA1

    571e4ff20de84bb184cf8a0a5a9e5665cbf87549

    SHA256

    b4aa6c45c8970957454071d05a044d30c97b3a0aadf92aa6686212673d1f355d

    SHA512

    41d1f2066703ec8a1f5194ddd5864bef2e8628a1b004bac57998386f3ce0ec248b46ee70eb13fe4e8dd71bb6b84623ff15665fb964f653079d68ab41464aff8d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    326KB

    MD5

    7da9dd1ee79fb2863745f1707de55384

    SHA1

    849b6b4b62cb29e9000a455851089070abab6098

    SHA256

    4a288204e06c4df21b35c71ce5d55c833ae532cf49c89151d92c3d521dbdbfd6

    SHA512

    53146911dae74c641bde92a788e5eebfb127ad03e83b38687993bf4e2057c4796212d7550c93e10e3370a71011fd91c046d90b073a682bdeb5e37b9ceb683706