Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 05:05

General

  • Target

    d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe

  • Size

    59KB

  • MD5

    d792f933b6e502ddb1f4da31944e4ca0

  • SHA1

    9a6b925ae5d9ec669d096548f250814a4a10171b

  • SHA256

    7b6f6139177eb52725c8aa6c789db560f9281f38f8b5941c8f7c8de404d16de6

  • SHA512

    8e77ade8294e15c9069598b0a3ea2020c7028a0788f696d45bfa65e656bc4ecd8970667d24b038c0beaa7fe922e302e7e8f5a9c6f1911ff4215cc7a14c837cfe

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97ns1o8k1o88:KQSohsUsxe+erZs1o8k1o88

Score
9/10

Malware Config

Signatures

  • Renames multiple (1164) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2852

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

    Filesize

    59KB

    MD5

    d35546b486ed9d60db3510a42bfabdca

    SHA1

    1398e255c4cd5b64734c18dc405a2781853e985a

    SHA256

    435758e9dd5fd4696524b9c4665ad3f00af6857b7044f60aa4845f3f7f400863

    SHA512

    2522acdd7985028a36e9d9d7edf7182ab3956828d53fffe695e9b94525673b863334d553be759727d12711765d5edb833fb25a348df284d7a51d55f817ddc681

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    68KB

    MD5

    58f70083ed75b94f59a498ac6f814c9a

    SHA1

    96850fe9139a1ef77d142bbc14a41ae3250c8bca

    SHA256

    060bddeb0d8152b7cfd70a18b340bd0a53ba828841b81bb6ce70feaad3ba27c5

    SHA512

    3659a2ca92b87dbb36827a4aa0ad908ccd95a0cc5e791214db3657b5bca97cecf3274d7d2226cf3b668772089f51c9918659c1e588f447f79bc73dc119e67b82

  • memory/2852-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2852-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB