General

  • Target

    bb1b4a6a2bf97c26c318856a1baf3400_NeikiAnalytics.exe

  • Size

    527KB

  • Sample

    240614-nemcasycld

  • MD5

    bb1b4a6a2bf97c26c318856a1baf3400

  • SHA1

    5332f81d2480ef9f03fc7f63833c77ace67dd7eb

  • SHA256

    9530b22088bf493b62272c2282f3b2a0be44df8b6c534dd9ff666291fbd170e5

  • SHA512

    3c16a35524e8c24fdb98fdc20daf226088009fde02ed81a68e5b4b958c7d04982d98321ec4c1b7c2e929b966732bd6166bd7cb1747486423f908be3a100fbc99

  • SSDEEP

    12288:6ymOcB+pwPprnVmLmDsC+FU+ZOSzt9tzZx:6LOsDFncLmKDZOSzXFZx

Score
9/10

Targets

    • Target

      bb1b4a6a2bf97c26c318856a1baf3400_NeikiAnalytics.exe

    Score
    9/10
    • Renames multiple (331) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
