Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 06:04

General

  • Target

    db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    db54a25d70caa3fa59b76fd7b13df520

  • SHA1

    a4158ecf206b3c756a8b13598db8091133de105c

  • SHA256

    26278f863b7ff76950b90623c1092e6851841908ed231d2123940f2dd12b90fe

  • SHA512

    3abf4d7b706b78b274a17fbf12e0e8e8de09f08b5bf637e2f275287c25347b57beca4e26946de1bb8275438425a82f291863182e0b96abf9166bf1db176ddb7b

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh5:6pWpUFpEhLfyBtPf50FWkFpPDze/qFss

Score
9/10

Malware Config

Signatures

  • Renames multiple (3433) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2104

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

    Filesize: 78KB
    MD5: 41742e45afc725aee87d2c4243b0081e
    SHA1: 6f2b4b440b9dc8dcb8bd38710aa8f2598b8d448b
    SHA256: 2fae597420c0c40f5b3bcf49fb92571389e01380a4efeeb88794fd5b125ac8cf
    SHA512: d3b2954d9cb719fd7e682018981c38ebdf58622dd75b68a117ea26f800165a9d5c31786fcb83b236b048061a730189964aba217ba4ba3e94dc9b04bd95bcbb89

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize: 87KB
    MD5: 89b04cb9af056081da6efcdf5c8c3967
    SHA1: 5b2ffe4ab997c85a6bd7f0fccada142540f873a8
    SHA256: 40b332b1580bb595616468401cc7f2a403389e11d82acd9ca271319234799223
    SHA512: b86a25d50c9b8070ac2c6c3163f65c36de6d9512e49b9f3c0e024c02860afd7bf5a8434f8fb580c802adb22cb9bd18ab4da5d6a09763c218cdffce3085858991