Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-06-2024 05:05

General

  • Target

    d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe

  • Size

    59KB

  • MD5

    d792f933b6e502ddb1f4da31944e4ca0

  • SHA1

    9a6b925ae5d9ec669d096548f250814a4a10171b

  • SHA256

    7b6f6139177eb52725c8aa6c789db560f9281f38f8b5941c8f7c8de404d16de6

  • SHA512

    8e77ade8294e15c9069598b0a3ea2020c7028a0788f696d45bfa65e656bc4ecd8970667d24b038c0beaa7fe922e302e7e8f5a9c6f1911ff4215cc7a14c837cfe

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97ns1o8k1o88:KQSohsUsxe+erZs1o8k1o88

Score
9/10

Malware Config

Signatures

  • Renames multiple (5117) files with added filename extension

    This suggests ransomware activity, i.e. encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2276

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

    Filesize

    59KB

    MD5

    7f180ec7bc10dc1a1b20bc5701327cd9

    SHA1

    ad0a899df66f910e3718eb9d7b0426b237cf9f18

    SHA256

    a2b2d658c6dc79d9662c96abf5fda59f52827ed8dd5b69ae3020ec7ced6ae093

    SHA512

    00d35c0bc2886eeb184d214a7e416731da8ab5a46219865967d947181f301bda00d946f57dda2d72f0a2cca022c726031cc9bdf4ca8113ff69a3ca6e42188356

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    158KB

    MD5

    73d83ec6c67f57910fffd9696f30bc61

    SHA1

    5000a7eaae03e3039548db62a8f88b921cf352df

    SHA256

    00155754ab082832a3992392f2ffd9371c8429ce47324cb9600bd44d1585bb4a

    SHA512

    e24c6dcf804364ef189955a12a57897d091adcadd50b5b91561865f8a4a90bbebe6146d3648e225fb897910c9d4f3e9f5aa4f6788607bb0f06dfbf9d932ae3ca

  • memory/2276-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2276-1114-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB