Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 07:26

General

  • Target

    61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe

  • Size

    44KB

  • MD5

    61956c16e785785755f7c1be4e8f2d00

  • SHA1

    0f72cb97e76e50d20d31ad87a3e30e88d8faa03c

  • SHA256

    208e066613ed185bba09ac4859d0c07bd3c27c647f882e18d20abb6ebce0d64c

  • SHA512

    0ca974ec0f5b93b592868bbf89989316fd64fded99632f638283e5dca0ea44af76cae1b94377bfb611007f4a4a4ca2ae6b6fbc182095febc73429d1da5c90dbb

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsnAKAC:W7BlpNLpARFbhblkYlkuvIYFdnp3

Score
9/10

Malware Config

Signatures

  • Renames multiple (3763) files with added filename extension

    This pattern is consistent with ransomware encrypting files in place and appending its own extension. The renamed files listed under Downloads (desktop.ini.tmp, Office64WW.xml.tmp) carry the appended .tmp suffix, and their sizes (44KB for a desktop.ini, which is normally only a few hundred bytes) indicate the content was rewritten rather than merely renamed. Note that .tmp is also a common legitimate suffix, so the volume (3763 renames within a 150s run) and the breadth of directories touched (user profile, $Recycle.Bin, MSOCache, Program Files) are what make the behaviour suspicious, not the extension itself.

  • Drops file in Program Files directory (64 IoCs)
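The logic behind the "renames files with added filename extension" signature above, as an added example that is not part of the sandbox report or its detection engine: it walks a list of rename events and counts those where the destination is the source path plus exactly one extra extension in the same directory, then groups them by appended suffix. The event shape (old path, new path), the sample paths and the flagging threshold of 3 are all constructed assumptions for illustration; the real sandbox's threshold and event format are not given on the page.

```python
"""Heuristic for 'renames multiple files with added filename extension'.

Added example (not the sandbox's own code). Counts rename events whose
destination is the source name plus one appended extension, the pattern
produced by ransomware that encrypts a file in place and adds its suffix.
All event data below is constructed for illustration.
"""
from collections import Counter
import ntpath

# Constructed sample rename events as (old_path, new_path); the .tmp cases
# mirror the kind of entries shown in the report's Downloads section.
SAMPLE_RENAMES = [
    (r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    (r"C:\Program Files\App\config.xml", r"C:\Program Files\App\config.xml.tmp"),
    (r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.tmp"),
    # Benign: same extension, different base name (e.g. a save-as).
    (r"C:\Users\Admin\Documents\draft.docx", r"C:\Users\Admin\Documents\final.docx"),
    # Benign: extension replaced, not appended.
    (r"C:\Users\Admin\Downloads\archive.zip", r"C:\Users\Admin\Downloads\archive.bak"),
    # Benign: moved to another directory, name unchanged.
    (r"C:\Users\Admin\a.txt", r"C:\Users\Admin\Desktop\a.txt"),
]


def added_extension(old_path, new_path):
    """Return the appended suffix (e.g. '.tmp') when new_path is old_path
    plus exactly one extra extension in the same directory, else None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None  # moved elsewhere, not an in-place rename
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None  # base name changed or extension replaced
    suffix = new_name[len(old_name):]
    # Require exactly one new component: '.tmp' but not '.tmp.locked' or '.'
    if suffix.count(".") != 1 or len(suffix) < 2:
        return None
    return suffix.lower()


def ransomware_like_renames(events, threshold=3):
    """Summarise rename events.

    Returns (total_added_extension_renames, Counter of suffixes, flagged),
    where flagged is True once the total reaches the (assumed) threshold.
    """
    suffixes = Counter()
    for old, new in events:
        suffix = added_extension(old, new)
        if suffix:
            suffixes[suffix] += 1
    total = sum(suffixes.values())
    return total, suffixes, total >= threshold


if __name__ == "__main__":
    count, by_suffix, flagged = ransomware_like_renames(SAMPLE_RENAMES)
    print(f"renames with added extension: {count} {dict(by_suffix)} flagged={flagged}")
```

Grouping by suffix matters in practice: a single dominant appended extension across thousands of files in unrelated directories is the ransomware shape, whereas scattered, varied suffixes are more typical of installers and editors writing temporary files.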

Processes

  • C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe"
    PID: 2924 (root of the process tree; the only process recorded)
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

    Filesize

    44KB

    MD5

    5c24efa4ae0f48781739b902b1c23974

    SHA1

    d883d5d3c5ce7c7c9a83b4b8b27f2a20387cf7fb

    SHA256

    23328a1ec1f65d0f266b4fb5080bdcbd1be2774cabfc139c9f0900295f08e965

    SHA512

    6ca101f499364be3bcbace0fa7ebd4343a52726e6d9306918782cf123d8880193d6f66b5cbd2d9c0637a3e94aefb07ef26336cabcae15ca860d1906ad4b6a778

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    53KB

    MD5

    ab01899f10d1bc397992111b4971fc77

    SHA1

    29d6425ce5ad32fcd94334bfd75e29c912e75d02

    SHA256

    e09a11ccc6b367e24540130fcd9be84f57a72563e9d3bd747610f6139b86203a

    SHA512

    e8cb10790c538aef40807584d2a9ef07db6965fc7c09172a709dcea85f41fa9a17290383c992d474b2a280642c9ce37a763272552834bf34ed0f87abef256327