Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 07:26

General

  • Target

    61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe

  • Size

    44KB

  • MD5

    61956c16e785785755f7c1be4e8f2d00

  • SHA1

    0f72cb97e76e50d20d31ad87a3e30e88d8faa03c

  • SHA256

    208e066613ed185bba09ac4859d0c07bd3c27c647f882e18d20abb6ebce0d64c

  • SHA512

    0ca974ec0f5b93b592868bbf89989316fd64fded99632f638283e5dca0ea44af76cae1b94377bfb611007f4a4a4ca2ae6b6fbc182095febc73429d1da5c90dbb

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsnAKAC:W7BlpNLpARFbhblkYlkuvIYFdnp3

Score
9/10

Malware Config

Signatures

  • Renames multiple (5187) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4496

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

    Filesize

    44KB

    MD5

    57bafaac6fc7a72285643f3c753b95ac

    SHA1

    77e79a8cd66eff97f075f13a975e30236cf4c8c1

    SHA256

    2e7f084b75e75b173275150c8242ce6ba0d29c1e37a994917bd5b3dede6b96e3

    SHA512

    0c9c34240535b7d0f6ce45200687ed854317b053dbfb16a20fa42bf30a211146525e2dce608d097d4b59db964803f00285d5a2bfad88b689a497dd50cd8de3c6

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    143KB

    MD5

    cea2526699a84dc941817e43f75ad9f5

    SHA1

    9acbe5af642cba358365382a592e0b4aec7947cf

    SHA256

    31243e6189461e776efb10662bd2e9a2b26a1d2df8f0b9df2ca94d8d6bf335cd

    SHA512

    949328ac309719e7b1a5ad5552dcd5f7d4a0049c8ccd5adc21f39adf8ac28ade40de0292d843c1203f73d9e7dbee77fde0aadbd4c1199af74e4d06f6fdc28082