Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 07:19

General

  • Target

    60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe

  • Size

    83KB

  • MD5

    60e533b160c4c0a9c6312314b64ea530

  • SHA1

    2dd59eb787106b7285c5532df115d3abc437dbf1

  • SHA256

    f1ffabcebdb71426459ea36a4e3c5cedeea2e8a628281b8af4c10422366baa29

  • SHA512

    abb67691996d2d2a359effb09db32d432ee2afe1eeda5fa4212b9ecfef2389b37309da5f9903961b580de23ebb5d234144351bb62daaf753f2ab4de081e00526

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhR:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs0

Score
9/10

Malware Config

Signatures

  • Renames multiple (719) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe"
    PID: 2040
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
    Filesize: 83KB
    MD5: d7297d79bc4dee01628a598730c28cdd
    SHA1: a9c91da23e8bbd14707fa6c4b89dc25f8eb8ac4c
    SHA256: 608e519764bc46388823ee6ed024831b12999fe1773ca1b667c531ae21420f4a
    SHA512: c26ae5140b01fa986ae779e8ed28c4f1b000f27c7614e919fb5701a3c3ab824bd0c376391d5a19e0cc2096a5c7055f9982af1de1df5b267f0b46a096b1ef9638

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 92KB
    MD5: 9dbddd23be1e9be317c9e40edc063693
    SHA1: dc5debf754f7c1cd053f213afed4d441a5943322
    SHA256: d372ceeb47ec1fa95bccfa57e41f44004a1bbacfdcdcfee6fe62268e86035140
    SHA512: 2f79b91fdf78588469c0ca77b30667a869ae1c0c1de54d621ea19d3ac952ccac388cd23b133f7c2b2f8948ccba70c93570c3dbd3f6d91dce51b9cd884b20f8d9