Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 04:23

General

  • Target

    47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    47fb26a32c9e504cc94d324cb728a3b0

  • SHA1

    1d2e46aea964d770b6e95de5efd6fc5e8281c00d

  • SHA256

    a49cb34aa05023fcbb24c375e983652c3143c5a6f60763a84f05828f682a47f4

  • SHA512

    20b7e750fffd8fa731b841a51c18daeef7d70050be78c0eca215215a25bcec8577205430be103ec8b54d6bde9bbd15439d21b5aa8cae6472c33f64481e8c3983

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhj:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsq

Score
9/10

Malware Config

Signatures

  • Renames multiple (3450) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1732

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

    Filesize

    80KB

    MD5

    e23d8891ca744851b20bab6229daaf76

    SHA1

    d3ab125165d6cc905a1c4eaf3a8709fc1a31453a

    SHA256

    4c6b33b8e67620ec36954e10803d35b27cdc3913709b984370ab8ac22a5d8445

    SHA512

    d804da59045a5c42cfa009b378fe78b9da405dac84e27450f450bfa99c08bc629654c120d63c47666e0f11ad875277b6bef41e9bfeccd5415c9033cbecd42a28

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    89KB

    MD5

    3aeca3acf61cea3fd10fb496b6d908bc

    SHA1

    db1facd0e89a81c48d325eb4e2d5b5619c5d2ae1

    SHA256

    b41f85e0d0401d6cd89388f676956cc50b9278d3a4781e2580a7abcb4e08d115

    SHA512

    0b5c0f24d84914c65541b4805eb936f3733f83673b3d5589aa4694ffb937a7da85bd1e66f6281a2c111ea2dbb20a74a8d6bbe20acc7d946fedda2ac582b44b8b