Analysis

  • max time kernel: 150s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 16-06-2024 05:03

General

  • Target: d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
  • Size: 139KB
  • MD5: d771a2874daf558e90f3747a1b379820
  • SHA1: 0f1d33361b1e3aaf994a4201bcf06ee832f8aef0
  • SHA256: 4c27b62874d12ad4bfd493160ec1625187610bba607489d9b5e3c833872c5fdf
  • SHA512: 86b927a7dc08498fc551cd2279a865a539f0901feeb0af54571a3d61de1d2524071efc47cf34b575fa06d54b79041af0f665e59643d9945f13b8f03fb164efa1
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IteTWn1++PJHJXA/Osw:fnyiQSohsUsWU9BK3IQSohsUsWU9BK3X

Score
9/10

Malware Config

Signatures

  • Renames multiple (3447) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2424

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

    Filesize: 139KB
    MD5: 987c8bccd0a475437750ad43ac8c8e5a
    SHA1: 04d8b9faec1a9bb712554caf863cebf59acf794d
    SHA256: ad76851deaed21865b987fea5c3945a29f408c2b0fdf49c0b1db5afec52f7f8f
    SHA512: 0e7c65e16eb4b19787e1ad634d2fc27379cbaeb4ecf557638193d4222acc7a7bd9bd6899b7d59ed1588ce071d5cb597d379305ad62ba9ebada6f42be193742eb

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize: 148KB
    MD5: 929e452d7b4c54fa361e0bf1dfb59189
    SHA1: deed832df1e60b833bbc5cce8e5ca902b16a683f
    SHA256: 681e976f3c3a1b2fe733922ea2ebb49b491087263b471967186d9ad711768e3c
    SHA512: f660b94139920e6634a5070f17c12a152cf9be2edbaf6825344acc6cc90ef104d6f74b5f40f387563fd8957f36a1769235265aee84e39804d6137e4b29d4e42f

  • memory/2424-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB

  • memory/2424-642-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB