Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 04:28

General

  • Target

    488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe

  • Size

    92KB

  • MD5

    488f76098a557fb60ad2dd2519ea9f80

  • SHA1

    6a351f08f4dece71687e2ed850b530246ee7276d

  • SHA256

    719d949878c9848b40bb8cf8b9099cefeb61dcbc19aa9aa3bce2c34aeacb1e09

  • SHA512

    3a7404a89685d78c4e485bd7cdf6add36b5fd5f3385790918d8cdf689058e711ea0e0c2f3ebe6cbe4f26869a3c4aeb3443d9cafc0d055ee35a967a94aa90d28a

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8RFUmXm9sprayj0FZ:fnyiQSozmqswyYFZ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3437) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten and renamed with an appended extension, rather than a small number of files being renamed for a legitimate purpose.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
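The "Renames multiple files with added filename extension" signature above is a behavioural detection: it does not look at file contents, only at rename events where the new name is the old name plus a new extension, counted per process. The following is an added example (not code from the report or from the sandbox vendor) of that logic in Python over constructed rename events. The events are synthetic: PID 1704 and the sample's path are taken from the process list on this page, the ".tmp" suffix mirrors the dropped-file names listed under Downloads, and the 3437 victim paths and the benign events from a second process are invented to exercise the threshold.

```python
"""Flag a process that renames many files by appending a new extension (constructed events, stdlib only)."""
import ntpath
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple


class RenameEvent(NamedTuple):
    pid: int
    image: str
    old_path: str
    new_path: str


def appended_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the extension appended by a rename ('x.txt' -> 'x.txt.tmp' gives '.tmp').

    Returns None when the file moved to another directory, when the name changed in
    some other way (e.g. the extension was replaced), or when nothing was appended.
    """
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None
    if len(new_name) <= len(old_name) or not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    return suffix if suffix.startswith(".") else None


def detect_mass_rename(events: Iterable[RenameEvent],
                       threshold: int = 100) -> Dict[Tuple[int, str], Tuple[int, str]]:
    """Count appended-extension renames per (pid, image) and report processes at or above
    threshold as {(pid, image): (count, most common appended extension)}."""
    per_process: Dict[Tuple[int, str], Counter] = defaultdict(Counter)
    for ev in events:
        suffix = appended_extension(ev.old_path, ev.new_path)
        if suffix is not None:
            per_process[(ev.pid, ev.image)][suffix.lower()] += 1
    alerts: Dict[Tuple[int, str], Tuple[int, str]] = {}
    for key, suffixes in per_process.items():
        total = sum(suffixes.values())
        if total >= threshold:
            alerts[key] = (total, suffixes.most_common(1)[0][0])
    return alerts


def build_sample_events() -> List[RenameEvent]:
    """Constructed events, not from the report: PID 1704 appends '.tmp' to 3437 files,
    while a second (hypothetical) process performs two ordinary renames."""
    sample = r"C:\Users\Admin\AppData\Local\Temp\488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe"
    victims = [
        r"C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini",
        r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
    ]
    # invented filler paths so the total matches the 3437 renames the signature reports
    victims += [rf"C:\Program Files\Vendor\data{i:04d}.bin" for i in range(3437 - len(victims))]
    events = [RenameEvent(1704, sample, path, path + ".tmp") for path in victims]
    benign = r"C:\Windows\explorer.exe"
    # extension replaced, not appended: a normal save-via-temp-file pattern
    events.append(RenameEvent(2200, benign, r"C:\Users\Admin\Documents\~WRD0001.tmp",
                              r"C:\Users\Admin\Documents\report.docx"))
    # move between directories with the same name: not a rename-with-extension at all
    events.append(RenameEvent(2200, benign, r"C:\Users\Admin\Downloads\setup.exe",
                              r"C:\Users\Admin\Desktop\setup.exe"))
    return events


if __name__ == "__main__":
    for (pid, image), (count, ext) in detect_mass_rename(build_sample_events()).items():
        print(f"PID {pid} ({image}) appended {ext!r} to {count} files")
```

The threshold is the tunable part: a hundred appended-extension renames by one process in a short sandbox run is already far outside normal behaviour, and the real signature fired at 3437. Requiring the directory to stay the same and the suffix to start with a dot is what keeps ordinary save-via-temp-file and move patterns from counting.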

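The "UPX packed file" signature is described as covering both stock UPX and modified UPX. Stock UPX is easy to spot from the UPX0/UPX1 section names and the "UPX!" magic; a modified build can rename the sections and strip the magic, so a robust check also looks at the layout the packer leaves behind: a first section with no raw data (the region the stub unpacks into) and an entry point inside a second, writable and executable section. The block below is an added example, not the sandbox vendor's rule and not derived from the sample's actual section table (which this report does not show); it parses PE headers with the standard library only and is exercised on three constructed header sets, one stock-UPX-like, one with the same layout but renamed sections and no marker, and one ordinary compiler layout.

```python
"""Heuristic UPX / modified-UPX check by parsing PE section headers (stdlib only)."""
import struct
from typing import List, NamedTuple, Optional, Tuple

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


class Section(NamedTuple):
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    characteristics: int


def parse_pe(data: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, section table) of a PE32/PE32+ image; ValueError if not PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # AddressOfEntryPoint sits at offset 16 of the optional header for both PE32 and PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name, vsize, vaddr, rsize, _, _, _, _, _, chars = fields
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, vaddr, rsize, chars))
    return entry_rva, sections


def upx_indicators(data: bytes) -> dict:
    """Stock-UPX indicators (section names, 'UPX!' magic) plus a layout fingerprint that
    survives renaming. 'likely_upx' is true if any of the three fires."""
    entry_rva, sections = parse_pe(data)
    ep_index: Optional[int] = next(
        (i for i, s in enumerate(sections)
         if s.virtual_address <= entry_rva < s.virtual_address + max(s.virtual_size, s.raw_size)),
        None)
    named = any(s.name.upper().startswith("UPX") for s in sections)
    marker = b"UPX!" in data
    # First section has no bytes on disk but a large virtual size: the unpack target.
    hollow_first = bool(sections) and sections[0].raw_size == 0 and sections[0].virtual_size > 0
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    ep_in_wx = ep_index is not None and (sections[ep_index].characteristics & wx) == wx
    layout_hit = hollow_first and ep_index == 1 and ep_in_wx and len(sections) <= 3
    return {
        "upx_section_names": named,
        "upx_marker": marker,
        "hollow_first_section": hollow_first,
        "entry_in_wx_section": ep_in_wx,
        "likely_upx": named or marker or layout_hit,
    }


def build_test_pe(sections: List[Section], entry_rva: int, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 header set for exercising the parser; not a runnable executable."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224  # sizeof(IMAGE_OPTIONAL_HEADER32)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", s.name.encode("latin-1"), s.virtual_size, s.virtual_address,
                    s.raw_size, 0, 0, 0, 0, 0, s.characteristics)
        for s in sections)
    return dos + b"PE\0\0" + coff + opt + table + trailer


# Constructed layouts for the demo; these are not the sample's real section tables.
STOCK_UPX = build_test_pe([
    Section("UPX0", 0x6000, 0x1000, 0x0000, 0xE0000080),
    Section("UPX1", 0x3000, 0x7000, 0x2E00, 0xE0000040),
    Section(".rsrc", 0x1000, 0xA000, 0x0400, 0xC0000040),
], entry_rva=0x9A40, trailer=b"UPX!")
RENAMED_UPX = build_test_pe([
    Section(".text", 0x6000, 0x1000, 0x0000, 0xE0000080),
    Section(".data", 0x3000, 0x7000, 0x2E00, 0xE0000040),
    Section(".rsrc", 0x1000, 0xA000, 0x0400, 0xC0000040),
], entry_rva=0x9A40)
PLAIN_PE = build_test_pe([
    Section(".text", 0x3000, 0x1000, 0x3000, 0x60000020),
    Section(".rdata", 0x1000, 0x4000, 0x1000, 0x40000040),
    Section(".data", 0x1000, 0x5000, 0x0200, 0xC0000040),
], entry_rva=0x1200)

if __name__ == "__main__":
    for label, blob in (("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("plain", PLAIN_PE)):
        print(label, upx_indicators(blob))
```

Run against a real file with `upx_indicators(open(path, "rb").read())`. The layout fingerprint is a heuristic, so treat it as supporting evidence: other packers and some hand-built binaries also place a hollow first section and a writable code section, which is why the signature text calls this "UPX/modified UPX" rather than a definitive identification.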
Processes

  • C:\Users\Admin\AppData\Local\Temp\488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1704

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

    Filesize

    92KB

    MD5

    bb35618a5b0e7a56885bbb334e5745ca

    SHA1

    2d7eb431e1b6ab4528ddb9f90ebfa6b630e46d8c

    SHA256

    a229e91d180f05eb851c2e3f354abcde251390275b5bd9fe35887ef142c5d0af

    SHA512

    27e0f8ab63adb87c322d4685634755dfd204b4a8cef8258c7d3d6361b9641d8512d482cfde46ec213b841784ed5cadaeefba25f8d3117f098dbf2e7dbb848e62

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    101KB

    MD5

    61158da31abf6f7e9fc032f162cf4089

    SHA1

    f5fbe4c02421b5288c944ac79d7bb8230aeb7cce

    SHA256

    f83a3fdfccaa4cfb0ffdf3456d09284ca475075f9afcc2e6b8724c98dcd3f8dd

    SHA512

    1acf13309e0e898e5e306d1c3880cbc49148f0eaeb1ca93efa14281a44cbca9d9c661e3a50522a06e9866cd931a160bd29410a4420c88a0fe042f5086d412078

  • memory/1704-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1704-534-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB