Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 06:49

General

  • Target

    5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe

  • Size

    82KB

  • MD5

    5cde2bca4687b28bf389948f6944a540

  • SHA1

    69c234ac6d82b3ddefe2b39174b87e07e1750368

  • SHA256

    8df5aa50574578a37863f41b1fba422529bfac71eccf326e32e35c4c410361ac

  • SHA512

    900f0ada5e3abdd055f6a184e26f0baf0375e4096925f77c9aec74ab06cdd7f7ffbb567a7039be0b5b8ba7eb7b42d5b1632cf033276fa8038eb6af93115742e5

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHe:W7ZDpApYbWjIlE77ufL2e+efZwZavC

Score
9/10

Malware Config

Signatures

  • Renames multiple (3445) files with added filename extension

    One process appending the same new extension to thousands of existing files is characteristic of ransomware encrypting files in place; the count (3445) is what separates it from an ordinary rename.

  • Drops file in Program Files directory (64 IoCs)
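The rename signature above is a counting heuristic: a single process appends the same new extension to many existing files. The Python below is an added example, not part of this report or of the sandbox's own detection logic, that applies that heuristic to a stream of rename events. The event list is constructed for the example (modelled on the dropped-file paths listed under Downloads), the `.tmp` extension and the 100-file threshold are assumptions, and the only value taken from the report is PID 2208.

```python
"""Heuristic behind "renames multiple files with added filename extension":
flag a process that appends one new extension to many files in place.
Added example; the rename events below are constructed, not from the report."""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample rename events: (pid, old path, new path). PID 2208 is the
# sample's PID from the report; the paths and the ".tmp" extension are made up,
# modelled on the dropped-file paths the report lists.
SAMPLE_EVENTS = [
    (2208, r"C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini",
           r"C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp"),
    (2208, r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
           r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    (2208, r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.tmp"),
    (2208, r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    (2208, r"C:\Program Files\Common Files\readme.txt", r"C:\Program Files\Common Files\readme.txt.tmp"),
    # Benign renames by another (constructed) process: an extension stripped, and a stem renamed.
    (1504, r"C:\Users\Admin\Downloads\setup.exe.part", r"C:\Users\Admin\Downloads\setup.exe"),
    (1504, r"C:\Users\Admin\Downloads\draft.txt", r"C:\Users\Admin\Downloads\final.txt"),
]


def added_extension(old_path, new_path):
    """Return the extension appended to old_path to produce new_path, or None.

    Only "<same directory>\\<same name>.<ext>" counts: moving the file, stripping
    an extension, or renaming the stem is not the ransomware pattern.
    """
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    if old.parent != new.parent:          # PureWindowsPath compares case-insensitively
        return None
    prefix = old.name.lower() + "."
    if not new.name.lower().startswith(prefix):
        return None
    ext = new.name[len(prefix):]
    if not ext or "." in ext:             # exactly one new component was appended
        return None
    return ext.lower()


def flag_mass_renames(events, threshold=100):
    """Group rename events by process and appended extension.

    Returns {pid: (extension, count, example_new_paths)} for each process that
    appended the same extension to at least `threshold` files. The threshold is
    an assumption for this example; the sandbox's own cut-off is not stated.
    """
    per_pid = defaultdict(Counter)
    examples = defaultdict(list)
    for pid, old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is None:
            continue
        per_pid[pid][ext] += 1
        if len(examples[(pid, ext)]) < 3:
            examples[(pid, ext)].append(new_path)
    hits = {}
    for pid, counts in per_pid.items():
        ext, count = counts.most_common(1)[0]
        if count >= threshold:
            hits[pid] = (ext, count, examples[(pid, ext)])
    return hits


if __name__ == "__main__":
    # Threshold lowered to 3 so the seven constructed events trigger the rule.
    for pid, (ext, count, paths) in flag_mass_renames(SAMPLE_EVENTS, threshold=3).items():
        print(f"PID {pid}: {count} files renamed with added extension .{ext}, e.g. {paths[0]}")
```

The per-extension grouping matters: a build tool or installer also renames many files, but it rarely appends one identical suffix to files it did not create, which is why the heuristic keys on the most common appended extension rather than on the raw rename count.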

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2208

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

    Filesize

    82KB

    MD5

    ccf2475a4d0c8849ad470fb719866cde

    SHA1

    3b8f8e15384dc46fc9634242b02364be97aa2a68

    SHA256

    94f50657e695ce330b5cf2eb295cad7ef5e45b9a9499202d989ac7b1989b7eb7

    SHA512

    64be2344c088dd73a69ea404a4d4d41f38fc8775da1e1b43790b5689d1b47d448f5e6771d162315a3b627eef33285bf100e712acf0cb7e52f701f64c4a8c26cc

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    91KB

    MD5

    43fb6776dadf7736f73dc8d624a12022

    SHA1

    301ca3aa83c4e16a670a08ed3de70ec8bc1583de

    SHA256

    9d166c6a349a99dc6a22388c7763cc5d2e333a58a5af191d2261e4aa64a0a9ab

    SHA512

    b47d67e5474943351b344c05864a8dd1e8398afc351ab712e9e1f187e34f290dd044543273728245e1eda63bb7238695b7ac9a1bc9967abaffec808f7fc0db41