Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 05:58

General

  • Target

    daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe

  • Size

    967KB

  • MD5

    daf9ce949fa49db91d48dfedcf6833e0

  • SHA1

    84586a9ed69bd42fe9992c697c30dc991e6d0530

  • SHA256

    3bf851200edebdf4a6642fd36ef53946dd671c1be3c5f52d4623f02e57d1120f

  • SHA512

    9616feef093d813c772c6f90f02b9d65e2faecc814a945bb4c019807ca2745f4ff2ad618d1856e0ffd6505064c705c957c8926949e4db7c5b84d1d3d74295c75

  • SSDEEP

    24576:VIDU9BiDVCPGccbubHu0cMGKNkwl0+r+tESyVbEFfc4KccyMAPFmjPkWkhCkhVvf:VIT3

Score
9/10

Malware Config

Signatures

  • Renames multiple (1073) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2928

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

    Filesize

    967KB

    MD5

    26d52255dd75569cc7b939e385387aae

    SHA1

    bdf4b0ec95211255b89128cdb0fa20aeca60b5ea

    SHA256

    a6611a979f0e3f91dc346b19e0645420281f174f5e440ae833fb8a3f4d4f8e02

    SHA512

    b3a3b12605f51e2efb287c1e46f98fbcdf547c586332cb5bd245c8a64d4f1b1affe373676cca6ac99cd7dfe29477ec963ba7dd11b6f4b0038a822eaf90751759

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    976KB

    MD5

    03678e7e394590e58786a3c27236c7fd

    SHA1

    01ea282c053d8503e56f6018019451028d99ac4b

    SHA256

    5eba718f788bc6f4f33f32bf3b8c60a17e613d6d8157c92c709ea81644072b8f

    SHA512

    1693f0ddba9de20015b350f3998c89cdd8991bbaa695a5af60205c49d381f0818ae37ea6976fa06816a821a42e10b1842836633f3d1b211de9c50a8f851dec32

  • memory/2928-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2928-184-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB