Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 05:49

General

  • Target

    da7486da7327c4769639c111f7717230_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    da7486da7327c4769639c111f7717230

  • SHA1

    3e6dc479f5dbeba1afba7eb4d6f2e5292120a9d6

  • SHA256

    cdbaa27ed9be250b3c12e962d3338996bf47c2fcd3aa9432db295bf318eb5509

  • SHA512

    2a373dfb4fc9a54ee0386701f794856f683ca24c7c8719289d3dd6b60e2ed9ad3d92a63c8372d7170c70a383f5438ef04e4d6d29fcfffa96b6957547804b2fd2

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz7:CTWn1++PJHJXA/OsIZfzc3/Q8zxJ

Score
9/10

Malware Config

Signatures

  • Renames multiple (925) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2540

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    830485d7005dff8a9e2ed45c33c67196

    SHA1

    0b302c6031df4ce3e5aba7ffff44e7ec105a0ae8

    SHA256

    b68a2abe2511caf0af1a19055d55ce8be02ad63de5cab8a6e8d837c112a739ae

    SHA512

    38d1100cf496b7512e62f9735a70720f68e4608d132d227ea5ad5966f8351ce7587ed9fc54ca1022a77b9e01de7ca868df301f955ce4771480854990548312c4

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    3f8731253c20b96b9c16ed8ef535f205

    SHA1

    fe56cf94e1f46d7b975960e901fa9ede26152e02

    SHA256

    ada3404e5cd3699dcee923221222fec941e4c8801b474dabe1cad76148bda710

    SHA512

    c8431152618f76c2919d652ffac9cf9534c3eba8d957025e308a88f554c3fbaaaabbf04d2704e721ae42f7c5bf2b5b142d54ede2da9a53538643634a07bcc424

  • memory/2540-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2540-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB