Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 06:24

General

  • Target

    598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe

  • Size

    75KB

  • MD5

    598b973af9c6941a76fef2ff689eaa00

  • SHA1

    720b1f28c45810c4b5eefa8a53af7c0261db26ba

  • SHA256

    7417ec430bd2e37df96676d2171c84c852216b3c46dc529631c1f5a6896d1fed

  • SHA512

    98161ac1c82ff6ff6a7f7fc62fdcf94d9f4cc2305a4ea7fce10b3472b8a5c95a6ff48cf9cb8b341c6bf22e310f61296bf2db9a37c4feb0b99b2228fb2ad59ff4

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8s:fnyiQSoP

Score
9/10

Malware Config

Signatures

  • Renames multiple (3404) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system and appending an extension to each.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1972

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

    Filesize

    75KB

    MD5

    815bea5f05f61146968824ebf4853673

    SHA1

    4b7cd4451ce21c09d59cc53582ac2162254376d3

    SHA256

    f76fff594d2611bbf07f346f86282f127c97730fb8b78e0392b66acdced6860d

    SHA512

    04a92da48fd2cdb1b82c0ae62b230681dea0a15ae77236e2440045c48c41a3d69a0e06271259e8948432212e05eee37856179d630da77a902a31c501c972e9d4

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    84KB

    MD5

    2bc90b8f6227e1ef0b6c8c9a0d0e3b88

    SHA1

    f607b266425137ce0080cae51ae4aba0f0ed9649

    SHA256

    9fa2fe383709a569a17918570215985e654d84a28dfd0e889ce23acf2d62bdae

    SHA512

    be1e4c390124fc3b027b36f9971f5ef25dc8bb1a43dd68c0f8f4608ae62d1445f14abdeaf26c69440a7efae9bb5f2f1307824defb15ceaf9592405b0b69e5cc3

  • memory/1972-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1972-382-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB