Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 05:07

General

  • Target

    4e8a54524341e8ccac37bde9127e16e0_NeikiAnalytics.exe

  • Size

    80KB

  • MD5

    4e8a54524341e8ccac37bde9127e16e0

  • SHA1

    316db8ed8304d267d489e13f667fead89305e356

  • SHA256

    a5ebb6f336b6495c0674ccf8b9a925b869e7640cb2c7409db1d5ebdc8f94e4c4

  • SHA512

    06d1bf3b279892c291af402c732d5a853f37afa0e43cb7f59e80902e6dc431e121e0e1f0f85f690c9b3d622748c11fe65a33f21fe245610375669221a93cd7f0

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSj:6e7WpP9oVLQthbYY9oVLQthbUvQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3541) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e8a54524341e8ccac37bde9127e16e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8a54524341e8ccac37bde9127e16e0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2424

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

    Filesize

    80KB

    MD5

    ed9fd8196f2fd3acf058f1e0e4c70b4e

    SHA1

    3a5be5528da0c88b80dbe82aa4271131207da75a

    SHA256

    0cacd35dc194d2d5c2ad2d163c075178a4196b3abb8080c0ef270a0cf2ef3d5e

    SHA512

    20f1a8d9ce998a9b4e2c1bbb25e279810a6b58bb11f1edec4ac4733850ed2779dae15954d1ec8e80fc1255608a5d3013c7674fd3317d89f8dd376533267481ce

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    89KB

    MD5

    6fd46629d6c624ba01f007dabfd1c6cd

    SHA1

    19b7e2343147123c0fff7b2e5f15dc53e5431ec6

    SHA256

    1144cc4e5c246b744789192d116889073191fb0f0758ff42bd18b695f0e185ef

    SHA512

    e096717f7b87d37f708ca6c055d17a02cd45bbadf7accd71f7b77107297e97c30bd8736178f98eed0cc77fa74b7d48c39e00216c7d9fee473c8e1ab8ca8d024f