Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 04:23

General

  • Target

    47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    47fb26a32c9e504cc94d324cb728a3b0

  • SHA1

    1d2e46aea964d770b6e95de5efd6fc5e8281c00d

  • SHA256

    a49cb34aa05023fcbb24c375e983652c3143c5a6f60763a84f05828f682a47f4

  • SHA512

    20b7e750fffd8fa731b841a51c18daeef7d70050be78c0eca215215a25bcec8577205430be103ec8b54d6bde9bbd15439d21b5aa8cae6472c33f64481e8c3983

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhj:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsq

Score
9/10

Malware Config

Signatures

  • Renames multiple (4773) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe"
    1
    • Drops file in Program Files directory
    PID:2168

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

    Filesize

    80KB

    MD5

    329ae0cc6daeb7d83074f03e035fc554

    SHA1

    67f88e5bdc2210c4c22ae08b477c10801e556505

    SHA256

    633da2e4c2e26e6ec0942c995e4001cad19cc781eef880ac15c55ea538741be9

    SHA512

    ae15bd3318de217d99799cf38b360abafa1492dd86a672edb615b403ff7597ca29914190abf5ff96055ac91b21cfb5ae8fcd3c52f27e489e2a4bf32a112ce89b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    179KB

    MD5

    7b01e96041ffbb323fe15fb5db645618

    SHA1

    1a973bfa689967814fd3bc801329f650222eda44

    SHA256

    e1dd718e3902e0bc92c554f6fdebc4d141c1354e3e673e1c50b91305d736a576

    SHA512

    ac18e86040c5370a43ae867e17a8d0070633e3590d7de6c2a93320e8561566c2830e0cc260248c1803b3d3afb2b4910fb0d22e3ec1279c86f382001fbfb5bb1b