Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 04:50

General

  • Target

    4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe

  • Size

    211KB

  • MD5

    4ba9789a0d6ae00bd5516766dd9c5460

  • SHA1

    88a423811af7d06540438a90cdbf060c6a6d4549

  • SHA256

    fb870e33245aa45e14a0ffa9bd62b04b28c23ad98a8acca970f9f4a4d03b17ae

  • SHA512

    6f19aa7248023d9ea904408814767ee5f81d7b88c0687b3ebd4c360eca80eed5c8b902ab7521645d1e269ea24d82bb7e28ec92093462bb47f73b184138a15a56

  • SSDEEP

    3072:fnyiQSoXE9tHpKrvGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2Exq:KiQSo095pK7ShcHUa1

Score
9/10

Malware Config

Signatures

  • Renames multiple (3286) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 3012

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

    Filesize

    211KB

    MD5

    595d1e5910742e62dad01ef3952e60c0

    SHA1

    0ef2f0c61c1a404c7ba100faaeebc254e3ae47df

    SHA256

    2c65eb0219846bab76f5d5c1edb695684e54757f29ce4dd6ca1bff3398154ac8

    SHA512

    c5743a7961b6b377ade39aad3027afd2c185f9beebaa0fd3a12ad515be9cbf4ced3fc3d3f108778e7371352872f48c6b08b478cb07d4c38b7615fcd73a4aec63

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    220KB

    MD5

    64124afeeac441185e90a14bc3fcb5b6

    SHA1

    aa319ff68292cb1a123fa4ab8961ff2dcaef85be

    SHA256

    0f76f52ae6928f13be2dd75a6f2e694b66f7d7ecd3d9bbfedab3e013e7ae324a

    SHA512

    e44bcbc9f8779a1a7f3113e58bf4f8a693b2ee6d63a8646be9068b9aaf90423d367b77909aa668ae20c09b04b6b42818570c3820fb4611e2a590a8cef4774d41

  • memory/3012-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3012-642-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB