Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 07:15

General

  • Target

    60700f04f818f58768ec1ae6075e41f0_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    60700f04f818f58768ec1ae6075e41f0

  • SHA1

    32c5e6c3b45027f32658113adbcb28a17c25af10

  • SHA256

    8f07209f44388b442dd67557bd8fa6b1284985cd11419f3ab94b7602f50bebfb

  • SHA512

    168d92dc90b4a6705043167f504705b3488a8d1ec9cad066ea0a76ada027ab802a099f8db47a7745134042e24b4ec501cdfc53e9e58350cdeb049d1f3420b156

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhD:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsW

Score
9/10

Malware Config

Signatures

  • Renames multiple (3434) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60700f04f818f58768ec1ae6075e41f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\60700f04f818f58768ec1ae6075e41f0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1664

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

    Filesize

    79KB

    MD5

    fa58515939a0fd4b15ad21dfea12e633

    SHA1

    2a7c8b6fdacbd878ff294f919143bee8bf4003f7

    SHA256

    8c937bc62c2d5848d01635059a7fe92b06da390fab7d82bf889a400f6e1f6c13

    SHA512

    ea200a743cb2a0dfacfe92803c7a6aa6c53fb208bb211ef5aa394fdd5f1eb10174a8a36b3b3fbd07c095ca11749878b86c1cb9008a0e0ff5312a1169369b1b68

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    87KB

    MD5

    9ee894081757ea9a3538cd546b2b1ba6

    SHA1

    b777f11f95876c366172c620638ed560fe630e36

    SHA256

    3d95f16194da1129b5d6e6291bd4a208768f5ea0e7606acda39f77998758893b

    SHA512

    e5a03ed5858e7e0db4ed83c06311801ed956f6a631315eef3ec7ecfd6d1bf21707b9fc09f43cb61a710e3c330b53ac038633a85ccf19149370282b31ff8cc8fc