Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 05:00

General

  • Target

    a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe

  • Size

    316KB

  • MD5

    a43cf3656d6ffc79a07f80f00e4f3b90

  • SHA1

    ffb8effd2b8659224eba62eaec1b11081e6e2100

  • SHA256

    e640f79b50024d7c43ff90195ccdb2493d7dd6d2261e9473bcb0721251ff0f16

  • SHA512

    0fa834bc8e09b5d7b7fc9fcda2f8843b021a540fdd653dc0740008c43e9bac30cc7d32a51c12b2a1119f658251a36782c08d1da368efe874a0c6a66d7aee132d

  • SSDEEP

    6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtv:3PxPir9RyiIuGcKbpaSL4vtv

Score
9/10

Malware Config

Signatures

  • Renames multiple (4638) files with added filename extension

    This suggests ransomware activity: the files on the system are being encrypted and renamed.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4796

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
    Filesize

    317KB

    MD5

    9a43ab1aabe39965bb54f46b810b9a31

    SHA1

    71ba65e4b7977348d459f2b6af22b5399e8ac292

    SHA256

    3876de2134581210357ca6548c845ad1bfb8d9e6fe1c5bf6211279d0f11535c3

    SHA512

    47d27802a99b08016c84a657a275654ceb74cd6488b233cdc238a24f0f832af74f25538515370256a99b27bc6a690c807493e2ce3d46c6a4557cce3d112f80c9

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    415KB

    MD5

    05bfedbaaa3879bb75828e8cd7a0aef8

    SHA1

    b89f18afc0c2a75127472d69a766b9cd0ef9966a

    SHA256

    fd23a3acbf2a3584bab452c7c5b693be24d2ad623bfe4f44e483a6dd557e0c6f

    SHA512

    6a83f402f8b767109d7391627c5bf7ac3e1ddd4fb3924cfe866e0b6f4d946a6dc3fe6bc6fc452976396188d8c780d944fd017e63ad6b2ae94f8c82114a68fd0d