Analysis

  • max time kernel
    150s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 04:55

General

  • Target

    4cbeef6ee6f45e5b1404f6dfd19c4b80_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    4cbeef6ee6f45e5b1404f6dfd19c4b80

  • SHA1

    774bca1000781a5ce9262d168f4bad89ed9aac81

  • SHA256

    f4bd9a50728d072ce3bd3687059dd43da1227923646c85804deed5c45ae0b20e

  • SHA512

    db26fa9045d984b61d91a988333a4c69e80d48e3f7c3158073b45f187a4b48edda65671edd21c4dd87a46638e4791845a8379f493aed7309ab3ad0c665c25d04

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8Oyg:fnyiQSonyg

Score
9/10

Malware Config

Signatures

  • Renames multiple (5246) files with added filename extension

    This suggests ransomware activity: the sample is encrypting all files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cbeef6ee6f45e5b1404f6dfd19c4b80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4cbeef6ee6f45e5b1404f6dfd19c4b80_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1920

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

    Filesize

    70KB

    MD5

    dee036845df50ee3fa4977e7680424dd

    SHA1

    f920007a6610458ed09dd3f8d6e9ce14e4c35d8b

    SHA256

    c7ae2b0c20f2c1c99f86400e6e1e0461f8ebb48db007be6f994ccf071a469437

    SHA512

    555486569dad5127fd76ea56bdf296d4991f48d2a6df684d03bf8ea0dfe2be95b0e3e8e04062bedd6379a1923b15216a8f90bffaebccdfe7db4ce9d049279a2b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    168KB

    MD5

    b22bc3eec696956e173411d1fe5b4921

    SHA1

    7b4351a256fa05c45d27d38b56285043042d623f

    SHA256

    d13893de73fe87a9778b7f68a687f443d613c814f2ad055fd158e9dc847d0bb6

    SHA512

    318f108c09a2914dc6efeb9f8c249c3ddcaf127696ab5b9afcf26de36bf8ddb72f0a18eef2f7a6219b60a34f1aed84bbc60386250f86b1a395886d2a7694b7a7

  • memory/1920-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1920-1972-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB