Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 05:07

General

  • Target

    4e8a54524341e8ccac37bde9127e16e0_NeikiAnalytics.exe

  • Size

    80KB

  • MD5

    4e8a54524341e8ccac37bde9127e16e0

  • SHA1

    316db8ed8304d267d489e13f667fead89305e356

  • SHA256

    a5ebb6f336b6495c0674ccf8b9a925b869e7640cb2c7409db1d5ebdc8f94e4c4

  • SHA512

    06d1bf3b279892c291af402c732d5a853f37afa0e43cb7f59e80902e6dc431e121e0e1f0f85f690c9b3d622748c11fe65a33f21fe245610375669221a93cd7f0

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSj:6e7WpP9oVLQthbYY9oVLQthbUvQ

Score
9/10

Malware Config

No configuration was extracted from this sample.
Signatures

  • Renames multiple (5187) files with added filename extension

    Mass renaming of files with an appended extension is the file-system footprint of ransomware encrypting the victim's data. 5187 renames within a 149s kernel window, reaching into both Program Files and the Recycle Bin (see the .tmp artefacts under Downloads), are consistent with system-wide encryption rather than a tool operating on a single folder. The report records no network activity and no extracted configuration, so nothing here identifies a command-and-control server or a key-exchange step.

  • Drops file in Program Files directory (64 IoCs)
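
To make the first signature concrete, the following is an added example, written for this page and not code from the sandbox vendor or the report, of the rename heuristic such a signature implements. The (pid, operation, source, destination) event shape, the threshold of 5 and every path except the two .tmp names taken from the Downloads section are assumptions, constructed for illustration; it also checks how many top-level directories the renames span, which is what separates system-wide encryption from a single-folder tool.

```python
"""Added example: a re-implementation of the heuristic behind a sandbox signature
such as "Renames multiple (N) files with added filename extension".

Everything below is constructed for illustration. The (pid, op, src, dst) event
shape and the threshold are assumptions; only the two destination paths that also
appear in the report's Downloads section are real artefact names."""
from collections import Counter, defaultdict

# Constructed file-operation events in an assumed (pid, operation, source, destination) shape.
EVENTS = [
    (4716, "rename", r"C:\Program Files\7-Zip\7-zip.dll",
                     r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (4716, "rename", r"C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini",
                     r"C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp"),
    (4716, "rename", r"C:\Users\Admin\Documents\report.docx",
                     r"C:\Users\Admin\Documents\report.docx.tmp"),
    (4716, "rename", r"C:\Users\Admin\Pictures\holiday.jpg",
                     r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (4716, "rename", r"C:\Users\Admin\Music\track.mp3",
                     r"C:\Users\Admin\Music\track.mp3.tmp"),
    # Operations that must NOT count as "added extension":
    (1234, "rename", r"C:\Users\Admin\Downloads\setup.exe.part",
                     r"C:\Users\Admin\Downloads\setup.exe"),        # extension removed
    (1234, "rename", r"C:\Temp\a.txt", r"C:\Temp\b.txt"),            # plain rename
    (4716, "write", None, r"C:\Users\Admin\README.txt"),             # not a rename
    (4716, "rename", r"C:\Temp\x", r"C:\Temp\x\y.tmp"),              # moved into a subdirectory
]


def added_extension(src, dst):
    """Return the extension appended to src to form dst (e.g. '.tmp'), else None.

    A match requires dst == src + '.<ext>' with a non-empty <ext> that contains no
    path separator, so removing, replacing or moving does not count."""
    if not src or not dst or not dst.startswith(src):
        return None
    tail = dst[len(src):]
    if len(tail) < 2 or tail[0] != "." or "\\" in tail or "/" in tail:
        return None
    return tail.lower()


def renames_with_added_extension(events):
    """Count qualifying renames per PID, keyed by the appended extension."""
    per_pid = defaultdict(Counter)
    for pid, op, src, dst in events:
        if op == "rename":
            ext = added_extension(src, dst)
            if ext is not None:
                per_pid[pid][ext] += 1
    return per_pid


def affected_roots(events, pid):
    """Top-level directories (drive + first folder) touched by one PID's qualifying
    renames. Spread across Program Files, the Recycle Bin and user profiles is what
    distinguishes system-wide encryption from a tool working in one folder."""
    roots = set()
    for p, op, src, dst in events:
        if p == pid and op == "rename" and added_extension(src, dst):
            roots.add("\\".join(src.split("\\")[:2]))
    return roots


def evaluate(events, threshold=5):
    """Return sorted (pid, extension, count) triples at or above threshold.
    The threshold value is an assumption; the report does not state the sandbox's."""
    hits = []
    for pid, counter in renames_with_added_extension(events).items():
        for ext, n in counter.items():
            if n >= threshold:
                hits.append((pid, ext, n))
    return sorted(hits)


if __name__ == "__main__":
    for pid, ext, n in evaluate(EVENTS):
        print(f"PID {pid}: renamed {n} files with added extension {ext}; "
              f"roots touched: {sorted(affected_roots(EVENTS, pid))}")
```

Run as a script it reports PID 4716 with five .tmp renames across three roots; against a real sandbox event stream the threshold would be set far higher than 5, and the root spread is the check worth keeping even when the count alone is ambiguous (installers and backup tools also rename many files, but rarely across Program Files and the Recycle Bin at once).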

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e8a54524341e8ccac37bde9127e16e0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4e8a54524341e8ccac37bde9127e16e0_NeikiAnalytics.exe"
    PID: 4716 (the only process in the tree; no child processes were recorded)
    • Drops file in Program Files directory

Network

No network activity was recorded for this run.
MITRE ATT&CK Matrix

The report assigns no techniques, although the mass-rename signature above is the behaviour conventionally mapped to T1486 (Data Encrypted for Impact).
Downloads (files dropped during the run)

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    80KB (the same size as the submitted sample, but with different hashes)

    MD5

    36be659746f275643d792c1174533f4d

    SHA1

    af1a545db7051dc266fbf0a56139ef764f01da8a

    SHA256

    ddc11edaebd3d162c3cb3f208378a834214e09f2f03f665ec7d98a023a96440c

    SHA512

    9ce4a523b74499a148b15dec7902f75b141758502b2ac61c41c4af978dd16a74cbdf73d4cd2a498198d07840406da0315fe32ba6dff98ba693172272035afb94

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    179KB

    MD5

    1c84d43e4a626dc76333216c95b23e8e

    SHA1

    252e35d92a39e2020ab44d9193dc7707f9904cc6

    SHA256

    d9ba6b5b2fbddc6cade4a8b7f3e32a841dcf5f4c1de7b0ed1bfbe289d3a21477

    SHA512

    413e86ca5305b7d0294d4be7f4f1df613187d889b42664bf38c6d22c04101b70c3e263cf12d0952c018869988febdefed4e6f5de33bde12aa3a82667d6aa4151