Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-06-2024 05:49

General

  • Target

    da7486da7327c4769639c111f7717230_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    da7486da7327c4769639c111f7717230

  • SHA1

    3e6dc479f5dbeba1afba7eb4d6f2e5292120a9d6

  • SHA256

    cdbaa27ed9be250b3c12e962d3338996bf47c2fcd3aa9432db295bf318eb5509

  • SHA512

    2a373dfb4fc9a54ee0386701f794856f683ca24c7c8719289d3dd6b60e2ed9ad3d92a63c8372d7170c70a383f5438ef04e4d6d29fcfffa96b6957547804b2fd2

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz7:CTWn1++PJHJXA/OsIZfzc3/Q8zxJ

Score
9/10

Signatures

  • Renames multiple (5194) files with added filename extension

    This behaviour suggests ransomware activity, i.e. encryption of the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2764

Downloads

  • C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    55525bb17f6a427ceb54d035d852df38

    SHA1

    0a1810700fbee99fe1fcd491969625deeda79e36

    SHA256

    d4bfd127b36ce3e042ee95e171bdf05f7b7158f3009207960e0346c3b1337e98

    SHA512

    02931cf8d57122fdaabb6e05b9361960a4d9a1309326fe6301e4cee4938583aba5abc315b519f01fe1aac3607fa393209c5a0fc174129dd9df4dc3e89754c15a

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    145KB

    MD5

    ac9ebc48f69d879765ab618c359ee252

    SHA1

    c6f596eac30d0eff81fbf83b116fa85604f43017

    SHA256

    19e8535be541e5e8112ea0ae497981e8e391219bd6c092586d34b2d0f23f08c6

    SHA512

    25b0e508856f48f5a12aac746a07abdbe53f2f949cf8133e47ca25b87397fc0c4984aba503f1b17e9b0479b34ac0abbdc928d59c32b147b036be48578d9e920e

  • memory/2764-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2764-1122-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB