Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 05:43

General

  • Target

    da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe

  • Size

    59KB

  • MD5

    da0288aa5455216d53cacc8e1e2ba570

  • SHA1

    13a965e9e1853895d3b9374a793de6ed374cee87

  • SHA256

    f44d5fe798ba5525729ff6d2b7263488fdd18524881894cc4b421f3cf0caf0cd

  • SHA512

    8206b2a0ab9a944fc3432c3e15479fff3be847e9c17de2347058bef6052dfb609c83e1899c1304f0aa4ed231675878a1cbf6503cabf73c8dd9c75715da929cb0

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Ir:KQSohsUsWU9BK3r

Score
9/10

Malware Config

Signatures

  • Renames multiple (3684) files with added filename extension

    The sample appended an extension to 3684 existing files during the run. A bulk rename of this kind across user and system directories is the usual footprint of ransomware encrypting the files on the host; the dropped-file list below shows the resulting pattern (desktop.ini.tmp, Office64WW.xml.tmp). The rename count alone does not prove encryption, so confirm by comparing the content of a renamed file with its original.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer. The hashes in the General section describe the packed file; static analysis should be done on the unpacked image, and a modified UPX build may not unpack with the stock upx -d.

  • Drops file in Program Files directory (64 IoCs)

    Writes to Program Files require elevated rights and are unusual for a program launched from the user's Temp directory; here they are consistent with the rename activity above (see the Office64WW.xml.tmp entry under MSOCache).
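The three signatures above are heuristics a sandbox applies to the recorded file-system events and to the PE headers of the sample. The following added example (written for this page, not the sandbox's own signature code) shows how each can be evaluated: a Counter of renames that append an extension, a count of writes under Program Files, and a PE section-table walk that looks for the UPX section names. The events and the PE byte string are constructed in the block and are not taken from the report above; the threshold of 100 renames is an assumption, as is the set of UPX section names, which a modified UPX build can rename so that this check misses it.

```python
import struct
from collections import Counter

# --- Signature 1: bulk renames that append an extension -------------------

# Constructed file-system events as (operation, source_path, destination_path).
# They are made up for this example and are NOT events from the report above.
SAMPLE_EVENTS = [
    ("rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.tmp"),
    ("rename", r"C:\Users\Admin\Pictures\photo.jpg", r"C:\Users\Admin\Pictures\photo.jpg.tmp"),
    ("rename", r"C:\Program Files\App\config.xml", r"C:\Program Files\App\config.xml.tmp"),
    ("rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    ("rename", r"C:\Users\Admin\old.log", r"C:\Users\Admin\new.log"),  # ordinary rename, nothing appended
    ("create", r"C:\Program Files\App\readme.txt", None),
    ("write", r"C:\Program Files\Common Files\dropper.dll", None),
    ("write", r"C:\Users\Admin\AppData\Local\Temp\scratch.bin", None),
]


def added_extension_renames(events):
    """Count renames where the destination is the source plus exactly one '.ext'.

    Returns a Counter keyed by the appended extension so an analyst can see
    whether one extension dominates (the usual ransomware pattern).
    """
    counts = Counter()
    for op, src, dst in events:
        if op != "rename" or not dst:
            continue
        if dst.startswith(src + "."):
            ext = dst[len(src) + 1:]
            if ext and "." not in ext and "\\" not in ext:
                counts[ext] += 1
    return counts


def program_files_drops(events):
    """Count files created or written under Program Files (either architecture)."""
    roots = ("c:\\program files\\", "c:\\program files (x86)\\")
    return sum(1 for op, path, _ in events
               if op in ("create", "write") and path.lower().startswith(roots))


# --- Signature 2: UPX section names in the PE section table ---------------

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!"}  # assumed set; trivially renamed by a modified packer


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Raises ValueError on input that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]    # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]     # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                 # section headers follow the optional header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]               # IMAGE_SECTION_HEADER.Name, 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Construct a minimal PE-shaped byte string for exercising the parser.
    It is not loadable; it only carries the headers the parser reads."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    opt_size = 0xE0                                                  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(name.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32
                        for name in section_names)
    return dos + b"PE\x00\x00" + coff + b"\x00" * opt_size + sections


# --- Verdict: which of the report's three signatures fire -----------------

def evaluate(events, pe_bytes, rename_threshold=100):
    """Return the names of the signatures that fire for the given run."""
    fired = []
    if sum(added_extension_renames(events).values()) >= rename_threshold:
        fired.append("Renames multiple files with added filename extension")
    if looks_upx_packed(pe_bytes):
        fired.append("UPX packed file")
    if program_files_drops(events) > 0:
        fired.append("Drops file in Program Files directory")
    return fired


if __name__ == "__main__":
    print(added_extension_renames(SAMPLE_EVENTS))
    print(evaluate(SAMPLE_EVENTS, build_fake_pe(["UPX0", "UPX1", ".rsrc"]), rename_threshold=3))
```

The rename check deliberately requires the destination to be the source plus a single extension, so ordinary renames (old.log to new.log) are not counted; the Program Files check matches both the 64-bit and the (x86) directory. To run the UPX check on the real sample, read the file's bytes and pass them to looks_upx_packed; a negative result does not rule out packing, since the section names are the first thing a modified packer changes.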

Processes

  • C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2268

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

    Filesize

    59KB

    MD5

    8e734cab91f187893fedb2fac6ce904a

    SHA1

    c2a925d6c9eadb09b74dece2476bff51e6368d3a

    SHA256

    34dce47a0a523f44e2f0ff8ea4fce3638c548449f2195d6147b15c812a30d60e

    SHA512

    c7401a4f286729aee4e1cf98f6b79e1af616ddf6945b54bdfae8e4702dfcff9286600b860d03253e0c18c2c68396d6c855a0c4eef8dddf5482de7331299feff2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    68KB

    MD5

    39a47a25cad0f1d312f255500f858017

    SHA1

    712127d86e716d84e3f4ae23ce363e4d05ac6b2a

    SHA256

    01a396706d98de06c4f4da15a35677171eea8f8c7b947824e1887c8b9dcfd8f1

    SHA512

    46c45a207c4f99ad9c42fdea34959181cf950f512579bd1fc1d8c8bc151cc70af4bafc4ff3dd2ce11eda2c0f109cf7b2d92724d6e5e6de6fe7cf742654c22e87

  • memory/2268-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2268-86-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB