Analysis

  • max time kernel: 150s
  • max time network: 93s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 16-06-2024 05:58

General

  • Target: daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
  • Size: 967KB
  • MD5: daf9ce949fa49db91d48dfedcf6833e0
  • SHA1: 84586a9ed69bd42fe9992c697c30dc991e6d0530
  • SHA256: 3bf851200edebdf4a6642fd36ef53946dd671c1be3c5f52d4623f02e57d1120f
  • SHA512: 9616feef093d813c772c6f90f02b9d65e2faecc814a945bb4c019807ca2745f4ff2ad618d1856e0ffd6505064c705c957c8926949e4db7c5b84d1d3d74295c75
  • SSDEEP: 24576:VIDU9BiDVCPGccbubHu0cMGKNkwl0+r+tESyVbEFfc4KccyMAPFmjPkWkhCkhVvf:VIT3

Score: 9/10
Signatures

  • Renames multiple (2124) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe"
    PID: 2192
    Signatures: Drops file in Program Files directory


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
    Filesize: 967KB
    MD5: 7de25cd7a957ed0975bc4be9023235f2
    SHA1: 05e05ee80ec03c4372c99ee2f4e77bbf4d6a3140
    SHA256: 99b1211f47d9d9b092255c5babd50d6b632e6873d029d897cbc3d50f9bf6b352
    SHA512: be350f5126ddfd38fbd6d04cc7d4e4ee638105ea6841dc25043bab41f3f2260a2e4f30a0084a2151a5118428e4d1c71c6c25e91d97a713124ffb62454d0d42b1

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 1.0MB
    MD5: b007864365684c55b447d097e6714cb9
    SHA1: 47087f1cd004963a54f2d4d05b2a39faad1bad91
    SHA256: 34085f9412b56562abdb90154025be5bc767810e37f60fd3be7e12383465c47b
    SHA512: 223f8d1319c12221623ff51886b055c9cbef71b6b304f10984ad4aa1e1f91f62bb9068d78101671c0f0e59550205738d3787d84b3452e358e13e9ef842bfb4cf

  • memory/2192-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/2192-842-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB