General

  • Target

    3fa46b59415998d95222fc4088ee4090_NeikiAnalytics.exe

  • Size

    91KB

  • Sample

    240617-d19dvasbnf

  • MD5

    3fa46b59415998d95222fc4088ee4090

  • SHA1

    bc5c542f0fe30583e6b4c38e10caaf73bc731c8d

  • SHA256

    1c0656010bb85aa063c018c47704b44ea89c1e2457eaea133ea6bb9ce5c680bd

  • SHA512

    ffe173838a77d2085b071663804cb7b089a62110cb9ec723d9f5957417e13f75e3870f111282b74a3c239d1a32e93d801c8d71a5d57c955e2653c6627bb0e42f

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8wTWn1++PJHJXA/OsIZfzc3/Q8h:KQSo7QSoS

Score
9/10

Targets

    • Target

      3fa46b59415998d95222fc4088ee4090_NeikiAnalytics.exe

    • Renames multiple (508) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
