Analysis

  • max time kernel: 150s
  • max time network: 123s
  • platform: windows7_x64
  • resource: win7-20240508-en
  • resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted: 17-06-2024 06:29

General

  • Target: 5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
  • Size: 68KB
  • MD5: 5a1f5538116ce46cbce2e237487f52e0
  • SHA1: 07e59efb50bc0a6450dc289c41ef2622b1e7742d
  • SHA256: 2549f0a3ec3be98dd6d90977ebe7159e634db2d397516cb88d37e1137829b65b
  • SHA512: 5bd49961191be3fda8796f2b17c3a460d4d65e4893a6588f3e8b34d8e453d289e473d75485ec17ae7b64c959967cb19ba96abc431fc8818bf6241e38c354e62b
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8z:fnyiQSoY

Score
9/10

Malware Config

Signatures

  • Renames multiple (3737) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe"
    PID: 1612
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
    Filesize: 68KB
    MD5: ca2911e598dbf0decc4e1246c7db9b1e
    SHA1: 7cc6757d22cc18ef0c9d1c932a0fafe0f001e3fa
    SHA256: cfc15ff55228dfa5664bdc3beb179da3c655a5f05813fad0452c472f9f5f99e8
    SHA512: 9d9b3f65aebbb78ae7e344d78c1a5e4c6cc24f5099cd88cb4b1459392f40fd9ec6f29e572620a5ad651f87a139c1bd8d7dd15c9554f428db08d1811d4c072731

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 77KB
    MD5: d5b6f44d16c69d6ff385247ec3120bd4
    SHA1: 049c9fc0f6ba6f3f01676dbbfe7bc636cae74eec
    SHA256: 5d951f01dd44318a70981f885d54bf868d44382bc3989b2e3862cf77a5f3c04a
    SHA512: c4630cc102942ddda583e82e8204d4e26b3e4cb4c3be48c7af6435913f90ffd634e49f20cd1b26cdbb1b84dc46a72503f016d4b342f2771735acaff2775348e9

  • memory/1612-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/1612-662-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB