Analysis

  • max time kernel
    150s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-06-2024 05:09

General

  • Target

    d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    d805fd94cf86a291f5911e126d5444c0

  • SHA1

    f4e7cf02936036c708b7970a304b18e14834c14a

  • SHA256

    5fba1c01371ea0f80c462e948aeaceb64e13c8c74f6cfc050ecea6117da65e9c

  • SHA512

    cf08e9ca4a4804af8d498bf0b10305786e7fb357e56380b1e5ad2ed02f446e8497cc0405a75167cffc5c5ec031077438de4622b521db64e788ef5f1055abef26

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsd

Score
9/10

Signatures

  • Renames multiple (5233) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 3700

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
    Filesize: 74KB
    MD5: f7ecba6fc443108958d4b466f0f189d0
    SHA1: 46128d1914db71aa4e46388c32bcf5f934c9bb85
    SHA256: 0a2a4820a8ea058a9c5f28fc8616eacac67f01b41ca560b306f4d6223a616d90
    SHA512: 11b548b6ab3e64c030d720358c9aa6382e4110c5e5c45cb87985a6668ad7e2897464e0892e315f0a08dcd58fd5d38a9746bc3f0c65832b58aea92c3bdb3f5b33

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 173KB
    MD5: 85f8a02db1a33cb6643de303cec2a7f5
    SHA1: 35abc65a6e59c329f098ba01a82529c26d9e5a88
    SHA256: 7868f8c9c0609fa9a3c4f01c7c85e4843f45009d0463a93862ab1e2a76b6081b
    SHA512: 1e8a7951e941765d2f0fd161f69c40f2f168396fb449c9b219755e9ec627fce81740c48967a3dac8cb3cb7c159bbf8a3bd62dcfd8ab183577b6de5c5b604b0c5