Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-06-2024 06:04

General

  • Target

    db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    db54a25d70caa3fa59b76fd7b13df520

  • SHA1

    a4158ecf206b3c756a8b13598db8091133de105c

  • SHA256

    26278f863b7ff76950b90623c1092e6851841908ed231d2123940f2dd12b90fe

  • SHA512

    3abf4d7b706b78b274a17fbf12e0e8e8de09f08b5bf637e2f275287c25347b57beca4e26946de1bb8275438425a82f291863182e0b96abf9166bf1db176ddb7b

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh5:6pWpUFpEhLfyBtPf50FWkFpPDze/qFss

Score
9/10

Malware Config

Signatures

  • Renames multiple (4849) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:3860

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

    Filesize

    78KB

    MD5

    c9a125baba056e8cfb5120d7b526493b

    SHA1

    0297df849d7464a82e7b57e2c156e4b9d364538c

    SHA256

    57f5d4a221580563e393407b4f26d8ef5784efdebad116fff3520eb63f519ca1

    SHA512

    dedb96694d53642cc86b92801e17474aff3c827e10a6fa0000d1d134dd4da6d92f4672390a5ac7267f46817e4c6536597e2839a92e5046477fac62f1c825e443

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    177KB

    MD5

    a06571df75895d16ab32e1a3de2b9375

    SHA1

    f0e227ac084c9b6970dd3aac00b311006310eb10

    SHA256

    42ac40288f5808b3790c7256ec23f06c607b9d24a6bb1b4b44cff9c32e79505d

    SHA512

    84a655781eb77aebaff511eca63265864984002b4817ebb798818ddbcaa99d3a339fdc7d96ef1f962f248da313eb16ba575944548369a6c164eec72d5cc777a6