Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240611-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    17-06-2024 06:29

General

  • Target

    5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe

  • Size

    68KB

  • MD5

    5a1f5538116ce46cbce2e237487f52e0

  • SHA1

    07e59efb50bc0a6450dc289c41ef2622b1e7742d

  • SHA256

    2549f0a3ec3be98dd6d90977ebe7159e634db2d397516cb88d37e1137829b65b

  • SHA512

    5bd49961191be3fda8796f2b17c3a460d4d65e4893a6588f3e8b34d8e453d289e473d75485ec17ae7b64c959967cb19ba96abc431fc8818bf6241e38c354e62b

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8z:fnyiQSoY

Score
9/10

Malware Config

Signatures

  • Renames multiple (4865) files with added filename extension

    Mass renaming of files with an appended extension is consistent with ransomware encrypting files across the system. Renaming alone does not prove encryption, and the report does not name the appended extension, so confirm by comparing a renamed file's contents with a known-good copy.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
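The first signature above is a behavioural rule over file-system events. As an added example (not code from the sandbox or from the sample), the script below implements that rule: it parses a constructed, tab-separated event log (hypothetical format: operation, PID, source path, destination path) and flags any process that renames many files to the original name plus an appended extension. The ".locked" extension, the user-profile paths and the benign PID 1234 are assumptions for illustration; the report only states that 4865 files were renamed and names neither the extension nor the original paths.

```python
"""Behavioural check for the 'renames multiple files with added filename
extension' sandbox signature.

Added example, not code from the sandbox or from the sample.  It reads a
constructed, tab-separated file-event log (hypothetical format: operation,
pid, source path, destination path) and flags any process that renames many
files to <original name>.<new extension>, the pattern the report counted
4865 times for the sample process.
"""
from collections import defaultdict
import ntpath

# Constructed sample log.  The ".locked" extension and the user paths are
# assumptions for illustration; the report does not name the extension.
# PID 4900 is the sample process from the report, PID 1234 is a benign
# renamer that must not be flagged.
SAMPLE_LOG = """\
CreateFile\t4900\tC:\\Program Files\\7-Zip\\7-zip.dll.tmp\t
Rename\t4900\tC:\\Program Files\\7-Zip\\7-zip.dll\tC:\\Program Files\\7-Zip\\7-zip.dll.locked
Rename\t4900\tC:\\Users\\Admin\\Documents\\notes.txt\tC:\\Users\\Admin\\Documents\\notes.txt.locked
Rename\t4900\tC:\\Users\\Admin\\Pictures\\cat.jpg\tC:\\Users\\Admin\\Pictures\\cat.jpg.locked
Rename\t4900\tC:\\$Recycle.Bin\\S-1-5-21-3169499791-3545231813-3156325206-1000\\desktop.ini\tC:\\$Recycle.Bin\\S-1-5-21-3169499791-3545231813-3156325206-1000\\desktop.ini.locked
Rename\t1234\tC:\\Users\\Admin\\Downloads\\report.docx\tC:\\Users\\Admin\\Downloads\\report-final.docx
Rename\t1234\tC:\\Users\\Admin\\Downloads\\upload.tmp\tC:\\Users\\Admin\\Downloads\\upload.txt
"""


def parse_events(log):
    """Parse the tab-separated log into (op, pid, src, dst) tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        op, pid, src, dst = line.split("\t")
        events.append((op, int(pid), src, dst))
    return events


def added_extension(src, dst):
    """Return the extension appended to src's name by the rename, or None.

    A hit requires the same directory and a destination name equal to the
    source name plus '.' and a non-empty suffix; 'a.tmp' -> 'a.txt' is a
    swap, not an addition, and does not count.
    """
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    src_name, dst_name = ntpath.basename(src), ntpath.basename(dst)
    prefix = src_name.lower() + "."
    if not dst_name.lower().startswith(prefix):
        return None
    return dst_name[len(prefix):] or None


def mass_rename_summary(events, threshold):
    """Count appended-extension renames per PID, grouped by extension.

    Returns {pid: {ext: count}} restricted to PIDs whose total number of
    such renames reaches the threshold.  A production rule would use a
    much higher threshold than the constructed log needs here.
    """
    per_pid = defaultdict(lambda: defaultdict(int))
    for op, pid, src, dst in events:
        if op != "Rename":
            continue
        ext = added_extension(src, dst)
        if ext is not None:
            per_pid[pid][ext] += 1
    return {pid: dict(exts) for pid, exts in per_pid.items()
            if sum(exts.values()) >= threshold}


if __name__ == "__main__":
    for pid, exts in mass_rename_summary(parse_events(SAMPLE_LOG), 3).items():
        print(f"PID {pid}: {sum(exts.values())} files renamed with added extension {exts}")
```

Grouping by the appended extension is what separates a ransomware run (one extension, thousands of files, one PID) from installers and sync clients that also rename many files but without a uniform suffix. The same summary lists which extension was used, which the report above leaves unnamed.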
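The "UPX packed file" signature is a static check on the PE header. As an added example (not code from the sandbox or from the sample), the script below parses just enough of a PE image (section table and entry point) to report the indicators a UPX-style packer leaves behind, and builds two constructed header-only images to exercise the check. No real binary is embedded; the section layout, RVAs and sizes are assumptions for illustration.

```python
"""Static UPX indicators for the 'UPX packed file' signature.

Added example, not code from the sandbox or the sample.  It parses just
enough of a PE header (section table and entry point) to report the
indicators a UPX-style packer leaves behind, and builds two constructed
PE images to exercise the check.  No real binary is embedded; the section
layout, RVAs and sizes below are assumptions for illustration.
"""
import struct


def build_minimal_pe(sections, entry_rva, extra=b""):
    """Construct a header-only PE32 image for testing; it is not runnable.

    sections: list of (name, virtual_address, virtual_size, size_of_raw_data).
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = bytearray(224)                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)         # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)     # ImageBase
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, va, raw,
                    0, 0, 0, 0, 0, 0x60000020)
        for name, va, vsize, raw in sections)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + table + extra


def parse_pe(data):
    """Return (entry_rva, [(name, virtual_address, virtual_size, raw_size)])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    entry_rva = struct.unpack_from("<I", data, coff + 20 + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, raw = struct.unpack_from("<8sIII", data, table + i * 40)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), va, vsize, raw))
    return entry_rva, sections


def upx_indicators(data):
    """Return the list of UPX-style packing indicators present in the image.

    Section names are the weakest signal (a modified UPX renames them);
    a first section with virtual size but no raw data, an entry point
    outside the first section and the 'UPX!' marker strengthen the call.
    """
    entry_rva, sections = parse_pe(data)
    hits = []
    if any(s[0].upper().startswith("UPX") for s in sections):
        hits.append("section named UPX*")
    if sections and sections[0][2] > 0 and sections[0][3] == 0:
        hits.append("first section has virtual size but no raw data")
    ep = next((s[0] for s in sections if s[1] <= entry_rva < s[1] + s[2]), None)
    if ep is not None and sections and ep != sections[0][0]:
        hits.append(f"entry point in {ep}, not the first section")
    if b"UPX!" in data:
        hits.append("'UPX!' marker string present")
    return hits


# Constructed images: one laid out like a UPX-packed PE, one like a plain build.
SAMPLE_PACKED = build_minimal_pe(
    [("UPX0", 0x1000, 0x7000, 0), ("UPX1", 0x8000, 0x3000, 0x2E00), (".rsrc", 0xB000, 0x1000, 0x200)],
    entry_rva=0x9000, extra=b"UPX!")
SAMPLE_CLEAN = build_minimal_pe(
    [(".text", 0x1000, 0x2000, 0x2000), (".data", 0x3000, 0x1000, 0x200)],
    entry_rva=0x1000)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PACKED
    print(upx_indicators(data) or ["no UPX indicators"])
```

Run it against a copy of the sample to see which of the four indicators fire. A hit here is a triage signal, not proof: the signature's own wording allows for a modified UPX, and a modified build usually renames the sections and strips the marker, leaving only the layout-based indicators. If `upx -t` on a copy succeeds, the packer is stock and `upx -d` yields the original binary for static analysis.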

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:4900

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

    Filesize

    68KB

    MD5

    1b4392f834bfe290544e76bdc92ddc60

    SHA1

    cc54a73ac90657881887767d0fc95598e6afe7b7

    SHA256

    792dd60e7bfe9c25c02e36b6e465d898a5cc8ede336a35608c48a95ad182d1b2

    SHA512

    1b951c5ebf1a3005d5cbb498531b24a869e66b333f51cdf038a7a7a00963fa8e3e28ee149ab46226a6b9968631421f84d616e9c1b7d50ea3ad8eeab9eee2a5ae

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    167KB

    MD5

    6a85c355f2deb47ad851b1602d5e6abc

    SHA1

    c8eaff0b733b4fa78e8c45419b91310da87d6ea9

    SHA256

    18150f044cfe0839e3dd3032885ab31ca816b5a16962411348f824beb6df2348

    SHA512

    a643f905e3dbd37ff9bb5ff09d674be7ba602bede38e194847e22c31ce6d819f67d3ef95614d229af13d4b23c34a8730a65360be28e4104d7e3a8de5eaec5c42

  • memory/4900-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4900-1780-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB