Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-06-2024 05:43

General

  • Target

    da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe

  • Size

    59KB

  • MD5

    da0288aa5455216d53cacc8e1e2ba570

  • SHA1

    13a965e9e1853895d3b9374a793de6ed374cee87

  • SHA256

    f44d5fe798ba5525729ff6d2b7263488fdd18524881894cc4b421f3cf0caf0cd

  • SHA512

    8206b2a0ab9a944fc3432c3e15479fff3be847e9c17de2347058bef6052dfb609c83e1899c1304f0aa4ed231675878a1cbf6503cabf73c8dd9c75715da929cb0

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Ir:KQSohsUsWU9BK3r

Score
9/10

Malware Config

Signatures

  • Renames multiple (4823) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and appends an extension to each renamed file.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe"
    Tree depth: 1
    • Drops file in Program Files directory
    PID:952

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

    Filesize

    59KB

    MD5

    ca54310239bcb3c98232c04d9d6bd24a

    SHA1

    cb27e71e463c055e0589e9df4524f5a771b62877

    SHA256

    bea2a98fb9997ee962557301e48d32a6c5ab05dd3f3147f34c035c22db2295bf

    SHA512

    caf25a7b225bb3e20e411581059cac5a8fcf9fc23768f952907574abb8ddae72b9b7bfa1ef14e8de56b44d87ede07a16f835eddc3f5fb5dc22a9dab42855a3fe

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    158KB

    MD5

    663292d2afefc50c90afff3d53d03f2e

    SHA1

    3501eb71ab2735abb0bdea05a3d78a7c0157b1fb

    SHA256

    538ea5b06f4bed441cd0c7ba62d7b59c01d9d2b84587799ee427fb752a6abda2

    SHA512

    717a86b6746a07bab75b9713a4346345397445ccf5286f997eac4b8020f70d5a3b3fb7a71ebea9ed55d4e27d7c04725fb35f0fa12755cabf9c9dd17f02c1a7fb

  • memory/952-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/952-912-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB