Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 06:24

General

  • Target

    598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe

  • Size

    75KB

  • MD5

    598b973af9c6941a76fef2ff689eaa00

  • SHA1

    720b1f28c45810c4b5eefa8a53af7c0261db26ba

  • SHA256

    7417ec430bd2e37df96676d2171c84c852216b3c46dc529631c1f5a6896d1fed

  • SHA512

    98161ac1c82ff6ff6a7f7fc62fdcf94d9f4cc2305a4ea7fce10b3472b8a5c95a6ff48cf9cb8b341c6bf22e310f61296bf2db9a37c4feb0b99b2228fb2ad59ff4

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8s:fnyiQSoP

Score
9/10

Malware Config

Signatures

  • Renames multiple (5198) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:220
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3468,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:8
    PID:4756

Network

MITRE ATT&CK Matrix

Downloads

    • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

      Filesize

      75KB

      MD5

      85262b8c456c75c9b6309b79a999efa3

      SHA1

      f4c8519758468f2e89b216118002fbe9fb274031

      SHA256

      45f3bb3c09e516f28f13fbfc42149bb69569b798c0ce48dcb9e5c00e21bac872

      SHA512

      4eb0f1deeed2f5d1748a2605e5319f399d9e1f8bd6abfe7a0efa16675b7354c595316f6d7b0421c90d6c335d75603fbb4109a13873aa00be0c35c1bd528b846b

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      187KB

      MD5

      ba9b7ea7f2a1365cd3f23f92c407bfab

      SHA1

      deb77a94d22c7e7be7eaa9d0d2aff53b0d81f690

      SHA256

      363f21923cc222429cb9a8650159a94af0b90cbcd1852828b227c006dfc377e5

      SHA512

      5dda7ce7aea659b29a3e1b7413fd371e4373a14d077520fb2444d265d8a84314430db4ab98caa5e4cf79a2bc2f56d2c09f012073db3e1d360d919307939e485c

    • memory/220-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/220-1926-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB