Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-06-2024 05:03

General

  • Target: d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
  • Size: 139KB
  • MD5: d771a2874daf558e90f3747a1b379820
  • SHA1: 0f1d33361b1e3aaf994a4201bcf06ee832f8aef0
  • SHA256: 4c27b62874d12ad4bfd493160ec1625187610bba607489d9b5e3c833872c5fdf
  • SHA512: 86b927a7dc08498fc551cd2279a865a539f0901feeb0af54571a3d61de1d2524071efc47cf34b575fa06d54b79041af0f665e59643d9945f13b8f03fb164efa1
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IteTWn1++PJHJXA/Osw:fnyiQSohsUsWU9BK3IQSohsUsWU9BK3X

Score
9/10

Malware Config

Signatures

  • Renames multiple (4841) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe"
    PID: 4128
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp
    Filesize: 139KB
    MD5: ad59dcb962b8ed66ee0c01b680f85cb4
    SHA1: 5b2d249bb200c39293ae95f14aeee41db2a76902
    SHA256: 30ff968bea339503de10d2b6e1e7cb06b835d9face2f40b0a0ff0ce7b207cbd0
    SHA512: 2b342118b3f315b30b48474c04436fbc6c121cfa53deab314a168e19b11b4305275d0e0e9b9870bbd15514e157f996b110b6587cc70ef8b57f11e7683cdfeccf

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 238KB
    MD5: 387ba98178119cc67c97131bbd4ef223
    SHA1: 345b34945e28294ad82f6c2873c08375c388b883
    SHA256: 9fc33f558434667b17ebde58a61b7e90a063d129bc16caebe169965272177182
    SHA512: 358e4d688e1e681b46b911e14a63295015c34d1258c67d6f19670a9d14d9d8c8b9c391ed0c7bbf8e5c1fd81fc83597ed175c6db31fbfb35cf75892fbfb678202

  • memory/4128-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/4128-1762-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB