Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 05:09

General

  • Target

    d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    d805fd94cf86a291f5911e126d5444c0

  • SHA1

    f4e7cf02936036c708b7970a304b18e14834c14a

  • SHA256

    5fba1c01371ea0f80c462e948aeaceb64e13c8c74f6cfc050ecea6117da65e9c

  • SHA512

    cf08e9ca4a4804af8d498bf0b10305786e7fb357e56380b1e5ad2ed02f446e8497cc0405a75167cffc5c5ec031077438de4622b521db64e788ef5f1055abef26

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsd

Score
9/10

Malware Config

Signatures

  • Renames multiple (3433) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten and renamed with an extra extension appended to the original filename.

  • Drops file in Program Files directory (64 IoCs)
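The signature above is a volume heuristic: one process renaming thousands of files so that the new name is the old name plus an appended extension. The block below is an added example (not the sandbox's own rule, and not code from the sample) that implements that heuristic over constructed Sysmon-style rename events; the PIDs, paths, `.locked` extension and threshold are assumptions for illustration, and the report's own counts are not reproduced here.

```python
"""Heuristic for 'renames many files with an added filename extension'.

Added example, not the sandbox's detection rule.  Input is a list of
constructed (pid, old_path, new_path) file-rename events; in production
these would come from Sysmon Event ID 11/23 or an EDR file-operation feed.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample events.  PIDs, paths and the ".locked" extension are
# illustrative only and are not taken from the report above.
SAMPLE_EVENTS = [
    (4000, r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (4000, r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    (4000, r"C:\Users\Admin\Music\track.mp3", r"C:\Users\Admin\Music\track.mp3.locked"),
    (4000, r"C:\Program Files\App\readme.txt", r"C:\Program Files\App\readme.txt.locked"),
    # Benign renames from an unrelated process: extension replaced, or stem changed.
    (1204, r"C:\Users\Admin\Downloads\setup.tmp", r"C:\Users\Admin\Downloads\setup.exe"),
    (1204, r"C:\Users\Admin\Downloads\notes.txt", r"C:\Users\Admin\Downloads\notes_old.txt"),
]


def is_added_extension(old_path, new_path):
    """True when new_path is old_path with one extra extension appended.

    The original filename (including its own extension) must survive intact
    as the stem of the new name, and the file must stay in the same directory.
    'report.docx' -> 'report.docx.locked' matches; 'setup.tmp' -> 'setup.exe'
    (extension replaced) and 'notes.txt' -> 'notes_old.txt' (stem changed) do not.
    """
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    return new.parent == old.parent and new.suffix != "" and new.stem == old.name


def summarize_renames(events):
    """Per-PID count of added-extension renames and a tally of the extensions used."""
    summary = defaultdict(lambda: {"count": 0, "extensions": Counter()})
    for pid, old_path, new_path in events:
        if is_added_extension(old_path, new_path):
            entry = summary[pid]
            entry["count"] += 1
            entry["extensions"][PureWindowsPath(new_path).suffix.lower()] += 1
    return dict(summary)


def flag_ransomware_like(events, threshold):
    """Return (pid, count, dominant_extension) for PIDs at or above threshold.

    A single dominant extension across the renames is the typical ransomware
    pattern; the tally is returned so an analyst can confirm that visually.
    """
    hits = []
    for pid, entry in summarize_renames(events).items():
        if entry["count"] >= threshold:
            ext, _ = entry["extensions"].most_common(1)[0]
            hits.append((pid, entry["count"], ext))
    return sorted(hits)


if __name__ == "__main__":
    # Threshold of 3 fits the toy data; a real rule would use a far higher
    # count inside a short time window to avoid flagging backup or build tools.
    for pid, count, ext in flag_ransomware_like(SAMPLE_EVENTS, threshold=3):
        print(f"PID {pid}: {count} added-extension renames, dominant extension {ext}")
```

The threshold and time window are the tuning knobs: archive, backup and build tools also append extensions in bulk, so in a live detection the count should be evaluated per process over a short window and correlated with the other behaviours this report records, such as writes into Program Files and the Recycle Bin.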

Processes

  • C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:352

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

    Filesize

    74KB

    MD5

    1544ab94e7899fa7ed0a4a98cc8acf16

    SHA1

    22a265b5825b6092f56baff144cb317c594e7450

    SHA256

    1742d3a4af4612f911aa3da077c9e2c7345180cd49d951ae8e4bf4853ddbcbbd

    SHA512

    8d96512a408739657ba242b91829cd5238c139b42f183019f307a7872f0ef219e1bb28ab5f8139cad875b78b94c9090740339db5d31f33a4f8cdcceac8386778

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    83KB

    MD5

    e0ee07d3289926606631ef3ae7142966

    SHA1

    ca17a180b39b85d7228675be56436474526dffc6

    SHA256

    664f86d0e7da270870d49f374c395a18baba39f5187db50c7a2b656ed494b62c

    SHA512

    e652bddae3a8526b6434d2d323c165c59e3c3fd429390c0db8c85d35931bbfb3957a9aa7d11a016d15c6285da6f9e141f7b53e6fdd8e758e2dffadf1c2c5d784