Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 07:15

General

  • Target

    60700f04f818f58768ec1ae6075e41f0_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    60700f04f818f58768ec1ae6075e41f0

  • SHA1

    32c5e6c3b45027f32658113adbcb28a17c25af10

  • SHA256

    8f07209f44388b442dd67557bd8fa6b1284985cd11419f3ab94b7602f50bebfb

  • SHA512

    168d92dc90b4a6705043167f504705b3488a8d1ec9cad066ea0a76ada027ab802a099f8db47a7745134042e24b4ec501cdfc53e9e58350cdeb049d1f3420b156

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhD:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsW

Score
9/10

Malware Config

Signatures

  • Renames multiple (4735) files with added filename extension

    This suggests ransomware activity: the sample is rewriting files across the system and appending an extension to each one. The dropped files listed under Downloads (desktop.ini.tmp in $Recycle.Bin, 7-zip.dll.tmp in Program Files) show the pattern in this run: the original filename kept intact with .tmp appended.

  • Drops file in Program Files directory (64 IoCs)
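
The two signatures above are behavioural, so they can be reproduced outside the sandbox from file-system telemetry (Sysmon-style rename and create events). The script below is an added example, not the sandbox's own signature code: it takes constructed rename/create records, counts per-process renames where the destination is the source name plus one extra extension, and flags creates under Program Files. The event records, the hypothetical benign PID 1234 and the rename threshold of 3 are assumptions; the report's own threshold is not published.

```python
"""Re-derive the report's two signatures from file-system events.

Added example, not the sandbox's own code. Event records are constructed
for illustration and do not come from the sandbox run above.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed events: (pid, action, source_path, target_path).
# action is "rename" (source -> target) or "create" (target only).
SAMPLE_EVENTS = [
    (4952, "rename", r"C:\Users\Admin\Documents\report.docx",
     r"C:\Users\Admin\Documents\report.docx.tmp"),
    (4952, "rename", r"C:\Users\Admin\Pictures\photo.jpg",
     r"C:\Users\Admin\Pictures\photo.jpg.tmp"),
    (4952, "rename", r"C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp"),
    (4952, "create", None, r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (4952, "create", None, r"C:\Program Files\7-Zip\7z.exe.tmp"),
    # Hypothetical benign process: extension replaced, not appended, and a
    # create outside Program Files. Neither should trigger a signature.
    (1234, "rename", r"C:\Users\Admin\Desktop\notes.txt",
     r"C:\Users\Admin\Desktop\notes.bak"),
    (1234, "create", None, r"C:\Users\Admin\AppData\Local\Temp\tmp1.txt"),
]

# Assumed threshold; the sandbox's real cut-off is not stated in the report.
RENAME_THRESHOLD = 3


def appended_extension(src: str, dst: str):
    """Return the extra extension if dst is src plus exactly one ".ext", else None.

    Only same-directory renames count, and the original name must survive
    unchanged as a prefix (report.docx -> report.docx.tmp matches,
    notes.txt -> notes.bak does not).
    """
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent or not d.name.startswith(s.name):
        return None
    extra = d.name[len(s.name):]
    if len(extra) > 1 and extra.startswith(".") and "." not in extra[1:]:
        return extra
    return None


def is_program_files_drop(path: str) -> bool:
    """True if path sits under C:\\Program Files or C:\\Program Files (x86)."""
    parts = PureWindowsPath(path).parts  # ('C:\\', 'Program Files', ...)
    return len(parts) > 1 and parts[1].lower() in ("program files", "program files (x86)")


def analyze(events):
    """Aggregate per-PID stats: appended-extension renames and Program Files drops."""
    per_pid = defaultdict(lambda: {"rename_count": 0, "extensions": set(),
                                   "program_files_drops": []})
    for pid, action, src, dst in events:
        stats = per_pid[pid]
        if action == "rename" and src:
            ext = appended_extension(src, dst)
            if ext:
                stats["rename_count"] += 1
                stats["extensions"].add(ext.lower())
        elif action == "create" and is_program_files_drop(dst):
            stats["program_files_drops"].append(dst)
    return dict(per_pid)


def signatures(events, threshold=RENAME_THRESHOLD):
    """Map PID -> list of signature strings in the report's wording."""
    out = {}
    for pid, stats in analyze(events).items():
        hits = []
        if stats["rename_count"] >= threshold:
            hits.append(f"Renames multiple ({stats['rename_count']}) files with added "
                        f"filename extension {sorted(stats['extensions'])}")
        if stats["program_files_drops"]:
            hits.append(f"Drops file in Program Files directory "
                        f"({len(stats['program_files_drops'])} IoCs)")
        if hits:
            out[pid] = hits
    return out


if __name__ == "__main__":
    for pid, hits in signatures(SAMPLE_EVENTS).items():
        print(f"PID {pid}:")
        for h in hits:
            print("  -", h)
```

On a real host, feed the same tuples from Sysmon Event ID 11 (FileCreate) and a rename source such as ETW or an EDR's rename telemetry; keep the threshold per process and per short time window, or a long-running backup agent will eventually cross it.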

Processes

  • C:\Users\Admin\AppData\Local\Temp\60700f04f818f58768ec1ae6075e41f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\60700f04f818f58768ec1ae6075e41f0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4952

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

    Filesize

    79KB

    MD5

    249b4eb4af0b110b3039e8eee3d437e3

    SHA1

    c9276d7fe96053caf42078d2ec1be7788a1c97a3

    SHA256

    f24ba721c0ce4b0e9fab13af9ee02bc5397baf977482119e9d1baf43e6551cde

    SHA512

    699e5dde62af356f6bcfd973715d54f1b2cf11f6ee175b034489ac7e4347069ce8bd903a8847fa2d811f475be0ab5c5db6d80ac3af256a61b5baf74f97e6f8b4

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    177KB

    MD5

    dc9d76728f09f7ca37e0c53d873deb4d

    SHA1

    add3d5175eb63a3b94520e05b8592a6c2c6508ea

    SHA256

    2ce4be00a71c33def0d35630a416fd175156f7e094c4e8594214aef376bfb706

    SHA512

    c72b9f6c523b929986071886aece443e775262ddea19ac6276b17ab96077e71c95aec8737a34eb1813f9f16fbadcc6c482ff23026c5abadec57de0bf9f524076