Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 04:55

General

  • Target

    4cbeef6ee6f45e5b1404f6dfd19c4b80_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    4cbeef6ee6f45e5b1404f6dfd19c4b80

  • SHA1

    774bca1000781a5ce9262d168f4bad89ed9aac81

  • SHA256

    f4bd9a50728d072ce3bd3687059dd43da1227923646c85804deed5c45ae0b20e

  • SHA512

    db26fa9045d984b61d91a988333a4c69e80d48e3f7c3158073b45f187a4b48edda65671edd21c4dd87a46638e4791845a8379f493aed7309ab3ad0c665c25d04

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8Oyg:fnyiQSonyg

Score
9/10

Malware Config

Signatures

  • Renames multiple (3685) files with added filename extension

    This suggests ransomware activity: the sample appears to encrypt files across the system, renaming each with an added extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cbeef6ee6f45e5b1404f6dfd19c4b80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4cbeef6ee6f45e5b1404f6dfd19c4b80_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1212

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

    Filesize

    70KB

    MD5

    8a3ce4b8c35dd33860afd59013269132

    SHA1

    d70e6838fb5853684624e461ee274b7f516869aa

    SHA256

    e182bd73ac5ea5f6ba45115ab7f6ead8e4f399b862ee41190de000c7e0d90dd0

    SHA512

    83f7bb143b3b4f5bc1239d0c01a8af8e54aebd715cef0059862bfe5c282b912bfab8f59b5fcb9426ab06e1bab22f68e01f5abd8906c0d0073aa136e56fd0311e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    78KB

    MD5

    5982da83980060da0412311af190688e

    SHA1

    f810ce3765d33b74fc635ade6172e48a429373b4

    SHA256

    3bc19acff681c4468b491025f57c592ee824dba7bfd40f5f6812211c391bc999

    SHA512

    84eb058bac0ff51fd9bcb4ede2c1e598919e581131ec74341b8b5bce1017546a2e47d475da4c7df78aa06d1df3b8d3ab824cf7f083f0b24bacf81e4f81eb776f

  • memory/1212-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1212-654-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB